Zero-Day Vulnerability in Cleo File Transfer Software Found

A critical vulnerability has been found in Cleo's file transfer software Harmony, VLTrader, and LexiCom, affecting versions 5.8.0.21.

Researchers at Huntress identified this flaw, which stems from a lack of restrictions on file uploads and downloads and allows remote code execution.

In their proof of concept, they found indications of attacks in the installation logs. These logs showed further downloading and execution of malicious files, which were then removed to remain stealthy.

Within their telemetry research, they found at least 10 businesses whose Cleo servers were potentially compromised. These included businesses in the consumer, food, trucking and shipping industry sectors, and many others are still actively running these unpatched versions.

Recommendations

Researchers advised that users can minimize exposure by disabling the autorun feature within the application's settings (Configure >> Options >> Other >> Delete content of "Autorun Directory"), but the vulnerability may still allow unauthorized arbitrary file writes. Users are recommended to keep internet-connected systems running the Cleo software behind a firewall until a patch is released.
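The attack pattern described above (a file dropped, executed, and quickly deleted) and the autorun-directory mitigation both suggest a simple detection: correlate file write, execute and delete events per path and flag short-lived executions, plus any write into the autorun directory. The following is an added example written for this article, not code from Huntress or Cleo. The log format, the `/opt/cleo/autorun/` path, and the sample events are all constructed assumptions; the parser would need adapting to the real audit source.

```python
"""Correlate file write / execute / delete events to spot short-lived
malicious files and writes into an autorun directory.

The event format and all paths below are constructed for this example;
they are not real Cleo log lines.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, action, path
SAMPLE_LOG = """\
2024-12-10T03:14:05 WRITE  /opt/cleo/autorun/healthchk.xml
2024-12-10T03:14:06 EXEC   /opt/cleo/autorun/healthchk.xml
2024-12-10T03:14:09 DELETE /opt/cleo/autorun/healthchk.xml
2024-12-10T03:20:00 WRITE  /opt/cleo/inbox/invoice_1042.csv
2024-12-10T09:00:00 DELETE /opt/cleo/inbox/invoice_1042.csv
2024-12-10T03:30:00 WRITE  /opt/cleo/autorun/report.xml
"""

# Assumed autorun location; use the directory configured in the product itself.
AUTORUN_DIR = "/opt/cleo/autorun/"
# "dropped, run, removed" inside this window is treated as suspicious.
WINDOW = timedelta(minutes=5)


def parse_events(text):
    """Parse 'timestamp action path' lines into sorted (datetime, action, path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, path = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(ts), action, path.strip()))
    return sorted(events)


def find_short_lived_executions(events, window=WINDOW):
    """Return paths that were written, executed and deleted within `window`."""
    by_path = defaultdict(list)
    for ts, action, path in events:
        by_path[path].append((ts, action))

    findings = []
    for path, seq in by_path.items():
        writes = [ts for ts, a in seq if a == "WRITE"]
        execs = [ts for ts, a in seq if a == "EXEC"]
        deletes = [ts for ts, a in seq if a == "DELETE"]
        for w in writes:
            ran = any(w <= e <= w + window for e in execs)
            gone = any(w <= d <= w + window for d in deletes)
            if ran and gone:
                findings.append(path)
                break
    return sorted(findings)


def find_autorun_writes(events, autorun_dir=AUTORUN_DIR):
    """Return every path written under the autorun directory (unique, sorted)."""
    return sorted({path for _, action, path in events
                   if action == "WRITE" and path.startswith(autorun_dir)})


def report(text):
    """Run both checks over a log text and return a summary dict."""
    events = parse_events(text)
    return {
        "short_lived_executions": find_short_lived_executions(events),
        "autorun_writes": find_autorun_writes(events),
    }


if __name__ == "__main__":
    for key, paths in report(SAMPLE_LOG).items():
        print(f"{key}:")
        for p in paths:
            print(f"  {p}")
```

The inbox file is written and deleted hours apart with no execution, so it is not flagged; the autorun file that is written, run and removed within seconds is. A write into the autorun directory is reported on its own, since the advice above is to keep that directory empty while the flaw is unpatched.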

Read more on Cleo’s official product announcements here.
