
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-55956 affects Cleo Harmony, VLTrader, and LexiCom versions before 5.8.0.24. The vulnerability was discovered in early December 2024 and publicly disclosed on December 13, 2024. This critical vulnerability allows an unauthenticated user to import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) (NVD, Huntress).
The vulnerability exists in the default configuration of the Autorun directory functionality. Exploitation involves two HTTP POST requests that can achieve unauthenticated remote code execution. The attack leverages the software's Import functionality to process files from the Autorun directory, which are automatically executed and then deleted. The vulnerability has been observed being exploited through malicious files like healthchecktemplate.txt and healthcheck.txt placed in the autoruns subdirectory (Huntress).
Successful exploitation of this vulnerability allows attackers to achieve remote code execution with system-level privileges. The impact is particularly severe as it requires no authentication and affects systems in their default configuration. Attackers can execute arbitrary Bash or PowerShell commands, potentially leading to complete system compromise (NVD).
Organizations should immediately update to version 5.8.0.24 or later. As a temporary mitigation, it is recommended to move any internet-exposed Cleo systems behind a firewall. Additionally, organizations can disable the Autorun feature by removing the contents of the Autorun Directory field in the system configuration options (Huntress).
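Patch status and Autorun hygiene are the two things a defender checks first, so here is a small triage helper that does both. It is an added example, not code from Cleo, Huntress or this database: it compares a reported product version against the first fixed release (5.8.0.24), and it scans an Autorun directory for the file names Huntress reported in observed exploitation. The install-root layout and the `autorun` directory name are assumptions; the version strings are treated as dotted integers and the scan uses a constructed temporary directory as sample input.

```python
"""
Triage helper for CVE-2024-55956 (Cleo Harmony / VLTrader / LexiCom).

Added example, not Cleo's, Huntress's or Wiz's code. Assumes the Autorun
directory is reachable as a plain filesystem path (an assumption) and that
product versions are dotted integers such as "5.8.0.24".
"""
from __future__ import annotations

import tempfile
from pathlib import Path

FIXED_VERSION = "5.8.0.24"  # first fixed release named in the advisory

# File names reported as used in observed exploitation (from the advisory text).
SUSPICIOUS_AUTORUN_NAMES = {"healthchecktemplate.txt", "healthcheck.txt"}


def parse_version(text: str) -> tuple[int, ...]:
    """Parse a dotted version string into a tuple of integers.

    A non-numeric suffix (e.g. "5.8.0.24-beta") is cut off so that a
    malformed trailing component cannot mask a vulnerable core version.
    """
    parts: list[int] = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True when the version is below 5.8.0.24, the first fixed release.

    Both tuples are right-padded with zeros so "5.8" compares as "5.8.0.0"
    rather than being treated as newer or older by length alone.
    """
    have = parse_version(version)
    fixed = parse_version(FIXED_VERSION)
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed


def scan_autorun_dir(autorun_dir: Path) -> list[str]:
    """Return names of files in the Autorun directory that match the known
    exploitation artifacts (case-insensitive).

    A missing or empty directory yields an empty list, which is also the
    expected state once the Autorun feature has been disabled.
    """
    if not autorun_dir.is_dir():
        return []
    return sorted(
        p.name
        for p in autorun_dir.iterdir()
        if p.is_file() and p.name.lower() in SUSPICIOUS_AUTORUN_NAMES
    )


def triage(version: str, autorun_dir: Path) -> dict:
    """Combine the version check and the directory scan into one verdict."""
    vulnerable = is_vulnerable_version(version)
    hits = scan_autorun_dir(autorun_dir)
    return {
        "vulnerable_version": vulnerable,
        "autorun_artifacts": hits,
        "needs_attention": vulnerable or bool(hits),
    }


def demo() -> dict:
    """Run triage against a constructed Autorun directory (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        autorun = Path(tmp) / "autorun"  # assumed directory name
        autorun.mkdir()
        (autorun / "healthcheck.txt").write_text("constructed sample file")
        (autorun / "legit_job.txt").write_text("constructed sample file")
        return triage("5.8.0.21", autorun)


if __name__ == "__main__":
    print(demo())
```

On a real host, point `triage` at the product's configured Autorun directory and feed it the version string from the installation; a hit on either check (old version, or a listed file name present) is a reason to isolate the host and review its web and process logs, since the Autorun mechanism deletes the files after execution and a clean directory alone does not prove nothing ran.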
The vulnerability has gained significant attention from the cybersecurity community due to its critical nature and active exploitation. CISA has added this vulnerability to their Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by January 7, 2025. Multiple security firms, including Huntress and Rapid7, have published detailed analyses and warnings about the ongoing exploitation (NVD).
Source: This report was generated using AI