CVE-2024-55956

CRITICAL KEV RANSOMWARE NUCLEI

Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution

Title source: metasploit

Description

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

Exploits (1)

metasploit WORKING POC EXCELLENT
by sfewer-r7, remmons-r7 · ruby, poc, java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cleo_rce_cve_2024_55956.rb

Nuclei Templates (1)

Cleo Harmony < 5.8.0.24 - File Upload Vulnerability
CRITICAL VERIFIED by iamnoooob, rootxharsh, pdresearch
Shodan: Server: Cleo

Scores

CVSS v3 9.8
EPSS 0.9122
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-12-17
VulnCheck KEV 2024-12-10
InTheWild.io 2024-12-17
ENISA EUVD EUVD-2024-52864
Ransomware Use Confirmed
CWE CWE-77
Status published
Products (3)
cleo/harmony < 5.8.0.24
cleo/lexicom < 5.8.0.24
cleo/vltrader < 5.8.0.24
Published Dec 13, 2024
KEV Added Dec 17, 2024
Tracked Since Feb 18, 2026