2 matches found
CVE-2024-50623
CVE-2024-50623 affects Cleo Harmony, Cleo VLTrader, and Cleo LexiCom prior to 5.8.0.21. It is an unrestricted file upload/download flaw that could lead to remote code execution. PoCs exist (e.g., GitHub exploits), and the recommended remediation is to upgrade to 5.8.0.21 or newer. Some connected ...
CVE-2024-55956
CVE-2024-55956 affects Cleo Harmony, VLTrader, and LexiCom prior to version 5.8.0.24. The vulnerability allows unauthenticated attackers to import and execute arbitrary Bash or PowerShell commands on the host by abusing the default Autorun directory, effectively a remote code execution via an una...