← Browse CVEs
CVE-2024-55956
Critical · CVSS 9.8EPSS 93.8%CISA KEVCWE-77
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
References
Published
Community ground truth
Community verdict
3 verdictsNot a real issue
to add your verdict.
Community real-world severity: Critical (Critical 3) — CVSS base score 9.8
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
No notes yet — be the first to share what you saw or a fix that worked.