← Retour aux CVEs
CVE-2024-57727
HIGHCISA KEV7.5
Description
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie1/15/2025
Derniere modification11/4/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurSimpleHelp
ProduitSimpleHelp
Nom vulnerabiliteSimpleHelp Path Traversal Vulnerability
Date ajout KEV2025-02-13
Date limite remediation2025-03-06
Utilise dans ransomwareKnown
Produits affectes
simple-help:simplehelp
Faiblesses (CWE)
CWE-22CWE-22
References
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier(cve@mitre.org)
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/(cve@mitre.org)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57727(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.