Attackers exploit zero-day RCE flaw in Cleo managed file transfer

Security researchers have warned about in-the-wild attacks that exploit a remote code execution vulnerability in managed file transfer (MFT) solutions developed by enterprise software vendor Cleo Communications. The impacted products include the latest versions of Cleo LexiCom, Cleo VLTrader and Cleo Harmony, and experts advise temporarily disconnecting these systems from the internet until a patch is available.

The first company to report the attacks was managed EDR firm Huntress, which detected the exploits in some of its customers' systems. The affected systems used an older version of Cleo software that is vulnerable to a flaw patched in October, but the Huntress researchers determined that the patch is insufficient and that even up-to-date product versions are vulnerable.

“From our telemetry, we’ve discovered at least 10 businesses whose Cleo servers were compromised with a notable uptick in exploitation observed on December 8 around 07:00 UTC,” the Huntress team said in its report. “After some initial analysis, however, we have found evidence of exploitation as early as December 3.”
