← Zuruck zu CVEs
CVE-2024-57727
HIGHCISA KEV7.5
Beschreibung
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/15/2025
Zuletzt geandert11/4/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerSimpleHelp
ProduktSimpleHelp
SchwachstellennameSimpleHelp Path Traversal Vulnerability
KEV Aufnahmedatum2025-02-13
Behebungsfrist2025-03-06
Ransomware-NutzungKnown
Betroffene Produkte
simple-help:simplehelp
Schwachen (CWE)
CWE-22CWE-22
Referenzen
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier(cve@mitre.org)
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/(cve@mitre.org)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57727(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.