← Back to CVEs

CVE-2024-57728

HIGHCISA KEV

7.2

Description

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

CVE Details

CVSS v3.1 Score7.2

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published1/15/2025

Last Modified4/24/2026

Sourcenvd

Honeypot Sightings0

CISA KEV

VendorSimpleHelp

ProductSimpleHelp

Vulnerability NameSimpleHelp Path Traversal Vulnerability

KEV Date Added2026-04-24

Remediation Due Date2026-05-08

Ransomware UseUnknown

Affected Products

simple-help:simplehelp

Weaknesses (CWE)

CWE-59CWE-22

References

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier(cve@mitre.org)

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/(cve@mitre.org)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.