Mitigating CVE-2024-55956: Unauthenticated Command Execution via Autorun Directory in Cleo Products

by CyRisk

Tech Stack

  • Affected Products:
    • Cleo Harmony (versions prior to 5.8.0.24)
    • VLTrader (versions prior to 5.8.0.24)
    • LexiCom (versions prior to 5.8.0.24)

Date(s) Issued

  • Published: December 13, 2024
  • Updated: December 13, 2024

Criticality

  • Severity Rating: Critical
  • Potential Impact: Exploitation allows an unauthenticated attacker to import and execute arbitrary Bash or PowerShell commands on the host system, potentially resulting in full system compromise.

Overview

This vulnerability is caused by insecure default settings in the Autorun Directory of Cleo Harmony, VLTrader, and LexiCom. An unauthenticated user can exploit this flaw to import and execute arbitrary scripts (e.g., Bash or PowerShell) on the host system. Successful exploitation could lead to unauthorized system access, privilege escalation, and complete system takeover.


Solution and Mitigation Steps

1. Upgrade Affected Software

Cleo has released version 5.8.0.24 to address this critical vulnerability.
Action:

  • Immediately upgrade to version 5.8.0.24 or later for the following products:
    • Cleo Harmony
    • VLTrader
    • LexiCom
  • Download the patch and instructions from Cleo’s official site: Cleo Security Update for CVE-2024-55956.

2. Disable Autorun Directory (if upgrade is not immediately feasible)

Until the software is updated, take the following steps to mitigate the risk:

  • Disable the Autorun Directory Feature:
    • Locate the Autorun configuration in the system settings.
    • Disable or remove all files and scripts in the Autorun directory.
  • Restrict Directory Access:
    • Limit access permissions to the Autorun directory to prevent unauthorized users from modifying its contents.

3. Harden Command Execution

  • Restrict Shell Access:
    • Disable Bash and PowerShell access for unauthorized users.
    • Use restrictive policies for script execution via Group Policy Objects (GPO) or Linux security tools.
  • Log and Monitor Execution:
    • Enable logging for all script executions.
    • Use monitoring tools to detect unusual activity or unauthorized script imports.

4. Network Segmentation and Firewall Rules

  • Restrict External Access:
    • Isolate the affected systems from public-facing networks until patches are applied.
    • Block untrusted IPs from connecting to the system using firewalls or intrusion prevention systems (IPS).

5. Implement Least Privilege

  • Review user access permissions and limit privileges to prevent unauthorized users from accessing system resources.
  • Remove any unnecessary administrative accounts or privileges.

Confirmation & Additional Information

Verify Mitigation Implementation

  • Post-Upgrade: Verify that the installed version is 5.8.0.24 or higher.
    • This can be confirmed in the product’s version information in the admin console.
  • Test Mitigations:
    • Attempt to execute unauthorized scripts in a controlled testing environment to ensure protections are active.
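The version comparison and the Autorun directory check from the verification steps above, as an added Python example that is not part of the advisory or of Cleo's software; the Autorun path is a placeholder (the advisory does not give it) and the version string is assumed to be copied from the admin console.

```python
# Added example (not Cleo's code). Assumptions not from the advisory: the
# version string is read from the admin console; the Autorun path is operator-supplied.
import stat
from pathlib import Path

PATCHED_VERSION = (5, 8, 0, 24)  # fixed version named in the advisory

def parse_version(text: str) -> tuple:
    """Turn '5.8.0.21' into (5, 8, 0, 21); accepts a leading 'v' and short strings."""
    parts = tuple(int(p) for p in text.strip().lstrip("vV").split("."))
    # Pad short strings so '5.8' compares as (5, 8, 0, 0).
    return parts + (0,) * (len(PATCHED_VERSION) - len(parts))

def is_patched(version: str) -> bool:
    """True when the installed version is 5.8.0.24 or later."""
    return parse_version(version) >= PATCHED_VERSION

def audit_autorun_dir(path: str) -> dict:
    """List what is left in the Autorun directory and flag entries that are
    group- or world-writable (POSIX mode bits; Windows ACLs are not inspected)."""
    root = Path(path)
    report = {"exists": root.is_dir(), "files": [], "loose_permissions": []}
    if not report["exists"]:
        return report
    writable = stat.S_IWGRP | stat.S_IWOTH
    if root.stat().st_mode & writable:
        report["loose_permissions"].append(str(root))
    for entry in sorted(root.iterdir()):
        report["files"].append(entry.name)
        if entry.stat().st_mode & writable:
            report["loose_permissions"].append(str(entry))
    return report

def mitigation_status(version: str, autorun_path: str) -> str:
    """One verdict: patched, workaround in place, or still exposed."""
    if is_patched(version):
        return "patched"
    report = audit_autorun_dir(autorun_path)
    if report["files"] or report["loose_permissions"]:
        return "unpatched-exposed"
    return "unpatched-workaround-in-place"

if __name__ == "__main__":
    # Placeholder path; substitute the real Autorun directory.
    print(mitigation_status("5.8.0.21", "/path/to/cleo/autorun"))
```

A missing directory is reported as the workaround being in place, so double-check the path before trusting that verdict on an unpatched host.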

Stay Updated

Additional Resources

Hardening Documentation for Cleo Products: Follow Cleo’s security guidelines for enhanced configuration.

Cleo Customer Support: Support Portal
