CVE-2024-55956
- Source
- https://cve.org/CVERecord?id=CVE-2024-55956
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55956.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-55956
- Published
- 2024-12-13T21:15:13.767Z
- Modified
- 2026-03-12T14:45:14.364192Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55956
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Advisory-CVE-Pending
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update
- https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.8.0.24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.8.0.24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.8.0.24"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55956.json"