https://vulnerability.circl.lu/comments/feed Most recent comment. 2024-12-28T22:51:17.127195+00:00 Vulnerability Lookup info@circl.lu python-feedgen Contains only the most 10 recent comments. https://vulnerability.circl.lu/comment/92cdf9dd-1009-427b-8181-b444dc288f89 INCIDENT: Threat Actors Currently Mass-Exploiting Cleo Servers (0-day-ish) 👾 (source reddit) 2024-12-28T22:51:17.132745+00:00 Alexandre Dulaunoy http://vulnerability.circl.lu/user/adulau - [INCIDENT: Threat Actors Currently Mass-Exploiting Cleo Servers (0-day-ish) 👾 ](https://www.reddit.com/r/sysadmin/comments/1haqguq/incident_threat_actors_currently_massexploiting/?rdt=59586) https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild On December 3, Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers. We’ve directly observed evidence of threat actors exploiting this software en masse and performing post-exploitation activity. Although Cleo published an update and advisory for CVE-2024-50623—which allows unauthenticated remote code execution—Huntress security researchers have recreated the proof of concept and learned the patch does not mitigate the software flaw. ‍TL;DR - This vulnerability is being actively exploited in the wild and fully patched systems running 5.8.0.21 are still exploitable. We strongly recommend you move any internet-exposed Cleo systems behind a firewall until a new patch is released. 2024-12-10T07:57:07.099373+00:00