SimpleHelp Path Traversal Vulnerability

Added Feb. 13, 2025 • Due March 6, 2025 • CVE-2024-57727

Overdue SimpleHelp / SimpleHelp CWE-22

Description

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

"https://simple-help.com/kb---security-vulnerabilities-01-2025
https://nvd.nist.gov/vuln/detail/CVE-2024-57727

Additional Information

Catalog Version: 2025.02.13
Catalog Released: Feb. 13, 2025
Days Until Due: 0 days
Last Updated: 7 months ago