CVE-2024-55956

CVSS 9.8 CRITICAL · EPSS 93.8% · KEV · CWE-77
In short

An attacker can execute dangerous commands on the server without logging in, by uploading files to a special folder whose contents are run automatically. This is critical because it gives complete control of the system to anyone on the internet.

Technical detail

Unauthenticated remote code execution via the Autorun directory mechanism, which automatically executes Bash or PowerShell scripts placed in it. The default configuration allows an attacker to import and run malicious commands with system-level privileges, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
