Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2024-57727

CRITICAL
Published 2025-01-15T00:00:00.000Z
Actions:

CVSS Score

V3.1
9.1
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Description

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

Available Exploits

No exploits available for this CVE.

Related News

CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw. The post CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application appeared first on OffSec.

Offsec.com 2025-04-10 14:44
Read More
CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application

CVE-2024-57727 lets attackers read sensitive files via path traversal in SimpleHelp. Learn more about how attackers exploit this flaw. The post CVE-2024-57727: Path Traversal Vulnerability in SimpleHelp Web Application appeared first on OffSec.

Offsec.com 2025-04-10 14:44
Read More
CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-57727 SimpleHelp Path Traversal Vulnerability These types of vulnerabilities are frequent attack ve…

Cisa.gov 2025-02-13 12:00
Read More

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

March 6, 2025

Added to KEV

February 13, 2025

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: SimpleHelp
Product: SimpleHelp

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.02.13 Released: February 13, 2025

References

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
Published: 2025-01-15T00:00:00.000Z
Last Modified: 2025-06-06T17:45:25.553Z
Copied to clipboard!