Patch Version 5.8.0.24 Made Available to Address Previously Reported Critical Vulnerability (CVE-2024-55956)
Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.24) to address this vulnerability.
The vulnerability affects only the following products:
- Cleo Harmony® (prior to version 5.8.0.24)
- Cleo VLTrader® (prior to version 5.8.0.24)
- Cleo LexiCom® (prior to version 5.8.0.24)
This security patch (version 5.8.0.24) addresses the previously identified critical vulnerability (CVE-2024-55956)) in Cleo Harmony, VLTrader, and LexiCom that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
Please visit Unauthenticated Malicious Hosts Vulnerability to take immediate action.
Comments
0 comments
Please sign in to leave a comment.