Vulnerability feed

Vulnerability

CVE-2024-55956

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2024-55956
Description:: In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
Last updated date:: 12/20/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 12/17/2024
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/20/2024
Reference url to background: https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/09/2025
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cleo_rce_cve_2024_55956.rb

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |