← Retour aux CVEs

CVE-2024-57728

HIGHCISA KEV

7.2

Description

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

Details CVE

Score CVSS v3.17.2

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisHIGH

Interaction utilisateurNONE

Publie1/15/2025

Derniere modification4/24/2026

Sourcenvd

Observations honeypot0

CISA KEV

FournisseurSimpleHelp

ProduitSimpleHelp

Nom vulnerabiliteSimpleHelp Path Traversal Vulnerability

Date ajout KEV2026-04-24

Date limite remediation2026-05-08

Utilise dans ransomwareUnknown

Produits affectes

simple-help:simplehelp

Faiblesses (CWE)

CWE-59CWE-22

References

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier(cve@mitre.org)

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/(cve@mitre.org)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.