
Cleo patches file transfer zero-day vulnerability under attack


Cleo, a leading managed file transfer (MFT) provider, recently released a patch to address a zero-day vulnerability in its Harmony, LexiCom, and VLTrader products. The zero-day, which has not yet been assigned a CVE number, follows a flaw that was originally patched in late October but was found to still be exploitable by threat actors.

That earlier flaw, tracked as CVE-2024-50623, raised concerns about unrestricted file upload and download capabilities in Cleo’s products. Despite the previous patch release, security researchers found that it was still being actively exploited, prompting Cleo to take further action.

In response to these ongoing security concerns, Cleo issued a new patch, version 5.8.0.24, on Wednesday evening. This patch specifically addresses the critical vulnerability that allowed for unrestricted file upload and download, as well as the execution of malicious host definitions. Cleo advised customers to apply the patch immediately to protect their systems from potential attacks.

In a security advisory, Cleo explained that the vulnerability could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system. By leveraging the default settings of the Autorun directory, attackers could exploit this vulnerability to gain unauthorized access to Cleo’s products.

Security researcher John Hammond of Huntress Labs, who has been closely monitoring the situation, noted that the new patch seems to be effective in preventing the exploitation of the zero-day vulnerability. However, concerns remain about the potential involvement of threat actors, such as the Termite ransomware group, in exploiting Cleo’s MFT products.

Despite speculation about specific threat groups, experts like Christiaan Beek of Rapid7 cautioned against jumping to conclusions without verifiable evidence. Beek emphasized the importance of correlating technical indicators, tools, techniques, and past observations to accurately identify and assess security threats.

In response to the ongoing investigation into the zero-day vulnerability, Cleo has reassured customers that they are taking proactive measures to address the issue. The company has provided enhanced 24/7 customer support services to assist customers in applying the necessary patches and securing their systems against potential attacks.

As the situation continues to unfold, both Cleo and cybersecurity experts urge customers to stay informed and vigilant. By staying up to date on security bulletins and taking proactive measures to protect their systems, customers can mitigate the risks posed by zero-day vulnerabilities and potential threat actors.

In conclusion, the recent patch release by Cleo underscores the ongoing challenges of cybersecurity in today’s digital landscape. With zero-day vulnerabilities posing a constant threat to organizations’ data and systems, proactive measures and prompt patching are essential to safeguard against potential attacks.
