PT-2024-36619 · Cleo · Lexicom+2
Published: 2024-12-18 · Updated: 2024-12-18
CVE-2024-559560
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Cleo Harmony versions prior to 5.8.0.25
VLTrader versions prior to 5.8.0.25
LexiCom versions prior to 5.8.0.25
Description
The issue allows an unauthenticated attacker to execute arbitrary Bash or PowerShell commands on the host system by exploiting default Autorun directory settings.
Recommendations
For Cleo Harmony versions prior to 5.8.0.25, update to version 5.8.0.25 or later.
For VLTrader versions prior to 5.8.0.25, update to version 5.8.0.25 or later.
For LexiCom versions prior to 5.8.0.25, update to version 5.8.0.25 or later.
Related Identifiers
Affected Products
Cleo Harmony
LexiCom
VLTrader