Cleo Product Security Update Advisory (CVE-2024-55956)

Overview

An update has been released to address vulnerabilities in Cleo Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-55956

  • Cleo Harmony®: versions prior to 5.8.0.24 (5.8.0.24 excluded)
  • Cleo VLTrader®: versions prior to 5.8.0.24 (5.8.0.24 excluded)
  • Cleo LexiCom®: versions prior to 5.8.0.24 (5.8.0.24 excluded)

Resolved Vulnerabilities

Vulnerability in the Autorun directory settings that could allow an unauthenticated user to execute arbitrary Bash or PowerShell commands on the host system (CVE-2024-55956).

Vulnerability Patches

Patches for the vulnerability have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-55956

  • Cleo Harmony® version: 5.8.0.24
  • Cleo VLTrader® version: 5.8.0.24
  • Cleo LexiCom® version: 5.8.0.24

Referenced Sites

[1] CVE-2024-55956 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-55956

[2] Cleo Product Security Update – CVE-2024-55956
https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956