← Volver a CVEs
CVE-2024-57728
HIGHCISA KEV7.2
Descripcion
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
Detalles CVE
Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado1/15/2025
Ultima modificacion4/24/2026
Fuentenvd
Avistamientos honeypot0
CISA KEV
VendedorSimpleHelp
ProductoSimpleHelp
Nombre vulnerabilidadSimpleHelp Path Traversal Vulnerability
Fecha inclusion KEV2026-04-24
Fecha limite remediacion2026-05-08
Uso en ransomwareUnknown
Productos afectados
simple-help:simplehelp
Debilidades (CWE)
CWE-59CWE-22
Referencias
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier(cve@mitre.org)
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/(cve@mitre.org)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.