PT-2024-9584 · Cleo · Cleo Harmony +2

Published 2024-12-13 · Updated 2025-10-02 · CVE-2024-55956

CVSS v3.1 score: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cleo Harmony versions prior to 5.8.0.24
Cleo VLTrader versions prior to 5.8.0.24
Cleo LexiCom versions prior to 5.8.0.24

Description
The issue allows an unauthenticated user to import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. It is reported that 70% of internet-exposed Cleo file-transfer instances may be vulnerable to unauthenticated remote code execution (RCE), and that 60% of public servers remain unpatched. The Cl0p ransomware group has taken credit for exploiting this issue.

Recommendations
For Cleo Harmony versions prior to 5.8.0.24, upgrade to version 5.8.0.24 or later.
For Cleo VLTrader versions prior to 5.8.0.24, upgrade to version 5.8.0.24 or later.
For Cleo LexiCom versions prior to 5.8.0.24, upgrade to version 5.8.0.24 or later.
As a temporary workaround, consider restricting access to the Autorun directory to minimize the risk of exploitation.

Tags: Exploit · Fix

Weakness Enumeration
Command Injection
Incorrect Default Permissions

Related Identifiers
BDU:2024-11291
CVE-2024-55956

Affected Products
Cleo Harmony
Cleo LexiCom
Cleo VLTrader