← Zuruck zu CVEs
CVE-2024-57728
HIGHCISA KEV7.2
Beschreibung
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVE Details
CVSS v3.1 Bewertung7.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht1/15/2025
Zuletzt geandert4/24/2026
Quellenvd
Honeypot-Sichtungen0
CISA KEV
HerstellerSimpleHelp
ProduktSimpleHelp
SchwachstellennameSimpleHelp Path Traversal Vulnerability
KEV Aufnahmedatum2026-04-24
Behebungsfrist2026-05-08
Ransomware-NutzungUnknown
Betroffene Produkte
simple-help:simplehelp
Schwachen (CWE)
CWE-59CWE-22
Referenzen
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier(cve@mitre.org)
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/(cve@mitre.org)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.