According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang claimed responsibility for the attacks on its website. The vulnerabilities affect Cleo’s products LexiCom, VLTrader, and Harmony. Cleo reportedly services approximately 4,200 organizations. You may remember that Cl0p claimed responsibility for the MoveIT incident in 2023 and, before that, the Accelion incident. Both of these previous incidents affected numerous companies.

The exploitation was identified by Huntress Labs. The flaw, CVE-2024-50623, “is an unrestricted file upload and download vulnerability that could lead to remote code execution.”

Cleo has released multiple patches for the CVE, including one last week to fix the issue. Then, a new critical vulnerability was identified, “allowing unauthenticated users to execute code through the Autorun directory.” Cleo issued another patch to address this vulnerability.

Rapid7 has noted an uptick in compromised endpoints in the consumer products, food, and shipping industries. Rapid7 has provided mitigation guidance, including “updating to the latest version of affected products immediately.”  Sound guidance.

If your company uses Cleo products LexiCom, VLTrader, or Harmony, follow the guidance and apply the provided patches provided.