Critical Zero-Day Flaw in Cleo Software Puts Major Retailers’ Data at Risk

Critical Zero-Day Flaw in Cleo Software Puts Major Retailers' Data at Risk

Critical Zero-Day Vulnerability in Cleo File Transfer Software Under Active Exploitation

A severe security breach has been discovered in Cleo’s managed file transfer products, affecting their LexiCom, VLTrader, and Harmony software solutions. The vulnerability (CVE-2023-34362) enables remote code execution and is currently being exploited by hackers to steal corporate data.

Impact and Scope:
– Affects versions 5.8.0.21 and earlier
– Bypasses previous security fix (CVE-2024-50623)
– Impacts 4,000 companies worldwide, including major retailers and logistics firms
– 390 vulnerable servers identified globally, with 298 located in the US

Attack Details:
– Exploitation began December 3, 2024, with increased activity from December 8
– Attackers utilize malicious files named ‘healthchecktemplate.txt’ or ‘healthcheck.txt’
– PowerShell commands are executed to download additional payloads
– Attacks linked to IP addresses across multiple countries including US, Canada, Netherlands
– Potentially connected to the Termite ransomware group

Immediate Mitigation Steps:
1. Move internet-exposed systems behind firewalls
2. Disable autorun feature
3. Monitor suspicious TXT and XML files in installation directories
4. Review logs for unauthorized PowerShell executions

Current Status:
– At least ten organizations confirmed affected
– Cleo plans to release a security update within the week
– Existing patch (version 5.8.0.21) proves ineffective against attacks

Organizations using Cleo products are strongly advised to implement security measures immediately while awaiting the official patch.

Share This Article