Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

  • Published: Dec 13, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-55956
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
cleo / lexicom - 5.8.0.24
cleo / vltrader - 5.8.0.24
cleo / harmony - 5.8.0.24