- Description
- In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Cleo Multiple Products Unauthenticated File Upload Vulnerability
- Exploit added on
- Dec 17, 2024
- Exploit action due
- Jan 7, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
サイバーリーズン・ブログ 『【脅威分析レポート】CVE-2024-55956 〜Cleo製ファイル転送ソフトにゼロデイ脆弱性、データ盗難の可能性も〜』 Cleo製ファイル転送ソフトのゼロデイ脆弱性についてを解説しています。 詳しくは↓ https://t.co/vCKekqAOZy #サイバーリーズン #Cybereason https://t.co/P0aB4n4bNu
@cybereasonjp
30 Jan 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cleo Software Actively Being Exploited in the Wild CVE-2024-55956 | Huntress #cybersecurity #informationsecurity https://t.co/Eqza5RPIh2
@JeffEnglander
16 Jan 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cleo の脆弱性 CVE-2024-55956/50623 の悪用:60社以上の侵害を Clop が主張 https://t.co/GllA1099TK Cleo の脆弱性の悪用する、Clop の攻撃が注目を集めています。当初の予測よりも、被害の件数は多いようであり、近々に 60社のリストが公表されるとのことです。 #BlueYonder #Cleo #ClOp… https://t.co/adIROREZH7
@iototsecnews
8 Jan 2025
174 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We now have a @metasploit RCE exploit module in the pull queue for CVE-2024-55956 - an unauthenticated file write vulnerability affecting Cleo LexiCom, VLTrader, and Harmony which was exploited in the wild last month as 0day: https://t.co/GBpgXj9fsS https://t.co/XHlDyeEqHv
@stephenfewer
7 Jan 2025
13734 Impressions
51 Retweets
156 Likes
41 Bookmarks
4 Replies
0 Quotes
Widespread #Exploitation of #Cleo File Transfer Software (CVE-2024-55956) https://t.co/Jn18hSycpE
@club31337
30 Dec 2024
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔵 Cleo Harmony, VLTrader, and LexiCom (#CVE-2024-55956): Unauthenticated Remote Code Execution https://t.co/dPZT8uQLcK
@dailycve
30 Dec 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#WeeklyThreats: CVE-2024-50623 e CVE-2024-55956 di Cleo sfruttate da #TA505, operazioni inedite colpiscono #Kiev, nuovi tool di sorveglianza associati a #Russia e #Cina. L'ultima settimana nel nostro report #OSINT e #CTI 🔗 https://t.co/0Iuo0NeTDA @TelsyGruppoTIM #Intelligence
@TS_WAY_SRL
23 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A Clop ransomware banda magára vállalta a felelősséget a Cleot ért adatlopási támadásokért A Clop ransomware banda megerősítette a BleepingComputernek, hogy ők állnak a legutóbbi Cleo adatlopási támadások hátterében, akik a támadások során a CVE-2024-50623 és CVE-2024-55956 el…
@linuxmint_hun
21 Dec 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE CISA ALERT! CVE-2024-55956 is a critical command injection vulnerability affecting Cleo Harmony, VLTrader, and LexiCom versions prior to 5.8.0.24. This vulnerability allows unauthenticated attackers to execute arbitrary commands, such as Bash or PowerShell, on the…
@Loginsoft_Inc
19 Dec 2024
75 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
December 18 Advisory: Cleopocalypse: 70% of Cleo File Transfer Exposures may be Vulnerable to Unauthenticated RCE [CVE-2024-55956] #rce #cleo https://t.co/48A0lV4QPU
@censysio
18 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-55956 is getting exploited #inthewild. Find out more at https://t.co/mm6kBMYnsW
@inthewildio
18 Dec 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) - Cl0P s Latest Attack Vector | 16-12-2024 Source: https://t.co/DxVI7lFxpC Key details below ↓ 💀Threats: Clop, Termite, Supply_chain_technique, Malichus, 🎯Victims: Blue yonder…
@rst_cloud
17 Dec 2024
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-55956 #Cleo Multiple Products Unauthenticated File Upload Vulnerability https://t.co/Nuie3VC6Ix
@ScyScan
17 Dec 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added a #Cleo unauthenticated file upload vulnerability, CVE-2024-55956, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/0QjOFgPFq2
@CISACyber
17 Dec 2024
3672 Impressions
10 Retweets
20 Likes
4 Bookmarks
0 Replies
2 Quotes
In response to CL0P breach concerns, I investigated CLEO’s CVE-2024-55956 mitigation. Among CLEO server IPs identified via Shodan/Censys, those accessible via HTTP/S were examined. As of today, 60% (553) of 925 public servers remain unpatched. https://t.co/Ll3Xr9tR91
@nekono_naha
17 Dec 2024
1135 Impressions
0 Retweets
10 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2024-55956: https://t.co/AHyOXDObgN #vulnerability #cve #cybersecurity #exploitation #exploit
@blackstormsecbr
16 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Very well done write-up forCVE-2024-55956 by @Rapid7's emerging threat team: https://t.co/eGbsYAt8eu - Very much appreciated.
@Junior_Baines
16 Dec 2024
1003 Impressions
3 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) – Cl0P’s Latest Attack Vector https://t.co/R7uAQhqQJY Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) – Cl0P’s Latest Attack Vector Recently, vulnerabilities in Cleo’s file transfer softw…
@f1tym1
16 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We have published our @rapid7 analysis of the new Cleo vuln, now known as CVE-2024-55956. An unauthenticated file write affecting LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below, that can be leveraged to achieve unauth RCE. Full analysis here: https://t.co/KuTfeHIGif h
@stephenfewer
16 Dec 2024
8741 Impressions
24 Retweets
69 Likes
24 Bookmarks
2 Replies
2 Quotes
CVE-2024-55956 In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell co… https://t.co/uquOFcQJZF
@CVEnew
14 Dec 2024
465 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cleo:harmony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20C7BC5F-D07F-4B6C-A674-4F9DDE6179FC",
"versionEndExcluding": "5.8.0.24"
},
{
"criteria": "cpe:2.3:a:cleo:lexicom:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C1727B4-B497-4F87-87B9-E4D0B63EECA1",
"versionEndExcluding": "5.8.0.24"
},
{
"criteria": "cpe:2.3:a:cleo:vltrader:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A6FB799-062D-4C25-91DA-4712774293BF",
"versionEndExcluding": "5.8.0.24"
}
],
"operator": "OR"
}
]
}
]