admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-55956.md

23 lines
1022 B
Markdown
Raw Normal View History

Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### [CVE-2024-55956](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55956)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### Description
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
### POC
#### Reference
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
- https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
#### Github
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
- https://github.com/20142995/nuclei-templates
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
- https://github.com/Ostorlab/KEV
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
- https://github.com/cyb3r-w0lf/nuclei-template-collection
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
- https://github.com/fl4m3-s/Cleo_Unauth_RCE
- https://github.com/packetinside/CISA_BOT
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
- https://github.com/ums91/CISA_BOT
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
Reference in New Issue Copy Permalink