CVE-2024-55956: Cleo Multiple Products Unauthenticated File Upload Vulnerability
First published: Fri Dec 13 2024(Updated: )
Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cleo Multiple Products | ||
| Cleo Harmony | <5.8.0.24 | |
| Cleo LexiCom | <5.8.0.24 | |
| Cleo VLTrader | <5.8.0.24 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/12/16/ransomware_attacks_exploit_cleo_bug/
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956
- https://nvd.nist.gov/vuln/detail/CVE-2024-55956
- https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Advisory-CVE-Pending
- https://www.bleepingcomputer.com/news/security/western-alliance-bank-notifies-21-899-customers-of-data-breach/
- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update
- https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
- https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/
- https://www.theregister.com/2025/04/15/hertz_cleo_customer_data/
Frequently Asked Questions
What is the severity of CVE-2024-55956?
CVE-2024-55956 is considered a critical vulnerability due to its potential for unauthenticated remote code execution.
How do I fix CVE-2024-55956?
To address CVE-2024-55956, users should upgrade to the latest version of Cleo Harmony, VLTrader, or LexiCom, as per the vendor's security updates.
What products are affected by CVE-2024-55956?
CVE-2024-55956 affects Cleo Harmony, Cleo VLTrader, and Cleo LexiCom versions up to 5.8.0.24.
Can CVE-2024-55956 be exploited remotely?
Yes, CVE-2024-55956 can be exploited remotely by an unauthenticated user.
What type of vulnerability is CVE-2024-55956?
CVE-2024-55956 is an unrestricted file upload vulnerability that allows execution of arbitrary commands on the host system.
- agent/type
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-50623
- alias/CVE-2024-55956
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/remedy
- agent/title
- agent/description
- collector/bleeping-computer
- source/BleepingComputer
- agent/author
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/news-ai
- zeroday/true
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/softwarecombine
- agent/references
- agent/tags
- agent/event
- agent/trending
- vendor/cleo
- canonical/cleo multiple products
- canonical/cleo harmony
- canonical/cleo lexicom
- canonical/cleo vltrader