CVE-2024-55956 - Cleo Harmony, Cleo Vltrader and Cleo Lexicom

Critical 9.8

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

Affected software

Cleo Harmony

Cleo Vltrader

Cleo Lexicom

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.