CVE-2024-55956
Cleo Multiple Products Unauthenticated File Upload Vulnerability
⚠ KEV | EPSS 91.2%
Description
Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
How to fix CVE-2024-55956
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2024-55956 being exploited?
Yes — CVE-2024-55956 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.