CVE-2024-57726
Published: 15 January 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2024-57726 is a critical vulnerability in SimpleHelp remote support software, versions 5.5.7 and earlier. A low-privileged technician account can create API keys carrying permissions beyond its own role, and such a key can then be used to reach the server administrator role. The issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is classified as CWE-862 (Missing Authorization); NVD additionally carries the generic NVD-CWE-noinfo tag.
Any technician with network access to an affected SimpleHelp instance can exploit the flaw: attack complexity is low and no user interaction is needed, only the low-privileged credentials the technician already holds (PR:L). Because the over-privileged key grants full server admin access, the impact extends beyond the technician's own authorization boundary (scope change, S:C) and is rated high for confidentiality, integrity, and availability.
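To make the flaw class concrete, the following Python model is an added illustration and is not SimpleHelp's code; the role names, permission strings and function names are assumptions for the example. It models an API-key issuance endpoint that only verifies the caller is authenticated and never checks whether the caller holds the rights it is delegating to the new key (the CWE-862 pattern described above), next to a hardened version that refuses any permission the creator does not already have.

```python
"""Illustrative model of the authorization flaw class behind CVE-2024-57726.

Added example, NOT SimpleHelp's code. Role names, permission strings and
function names are assumptions made for the illustration.
"""
import secrets
from dataclasses import dataclass

# Assumed role -> permission mapping for the illustration.
ROLE_PERMISSIONS = {
    "technician": {"session:join", "session:create"},
    "server_admin": {"session:join", "session:create", "user:manage", "server:configure"},
}


@dataclass(frozen=True)
class Principal:
    name: str
    role: str

    @property
    def permissions(self) -> frozenset:
        return frozenset(ROLE_PERMISSIONS[self.role])


@dataclass(frozen=True)
class ApiKey:
    token: str
    owner: str
    permissions: frozenset


class AuthorizationError(PermissionError):
    pass


def issue_api_key_vulnerable(requester: Principal, requested: set) -> ApiKey:
    """Missing authorization (CWE-862): the endpoint trusts the caller's
    requested permission list and only relies on the caller being logged in."""
    return ApiKey(secrets.token_urlsafe(24), requester.name, frozenset(requested))


def issue_api_key_hardened(requester: Principal, requested: set) -> ApiKey:
    """Fail closed: a key may never carry rights its creator does not hold."""
    excess = frozenset(requested) - requester.permissions
    if excess:
        raise AuthorizationError(f"{requester.name} cannot delegate {sorted(excess)}")
    return ApiKey(secrets.token_urlsafe(24), requester.name, frozenset(requested))


def can_manage_users(key: ApiKey) -> bool:
    """Check an admin-only endpoint performs on the presented key."""
    return "user:manage" in key.permissions


def escalation_attempt(issue) -> bool:
    """A technician asks for every server_admin permission through the given
    issuance function. Returns True if the resulting key reaches an admin-only
    endpoint, i.e. the privilege escalation succeeded."""
    tech = Principal("tech1", "technician")
    try:
        key = issue(tech, ROLE_PERMISSIONS["server_admin"])
    except AuthorizationError:
        return False
    return can_manage_users(key)


if __name__ == "__main__":
    print("vulnerable issuance escalates:", escalation_attempt(issue_api_key_vulnerable))
    print("hardened issuance escalates:", escalation_attempt(issue_api_key_hardened))
```

The hardened variant clamps delegated rights at issuance time, but that alone does not undo keys minted before the fix: after patching an affected deployment, any API key created by a technician account should be reviewed and revoked if its permissions exceed that account's role, since a key issued under the vulnerable logic keeps working until it is removed.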
Vendor and third-party advisories, including SimpleHelp's knowledge base article on the vulnerabilities in v5.5.7 and earlier, Horizon3.ai's disclosure of the critical flaws in the software, and the entry in the CISA Known Exploited Vulnerabilities Catalog, describe the fixed releases and mitigation steps for affected deployments.
This vulnerability has seen real-world exploitation, as evidenced by its inclusion in CISA's KEV catalog and references in reports on ransomware operations, such as Microsoft’s analysis of Storm-1175 targeting web-facing assets in Medusa ransomware campaigns and Trend Micro’s coverage of DragonForce ransomware activity.
Details
- CWE(s): CWE-862 (Missing Authorization); NVD-CWE-noinfo
- KEV Date Added: 24 April 2026
Affected Products
- SimpleHelp remote support software, versions 5.5.7 and earlier
MITRE ATT&CK Enterprise Techniques
- T1068 Exploitation for Privilege Escalation
Why these techniques?
The vulnerability lets a low-privileged technician create API keys with permissions beyond their role and use them to reach the server admin role: a software flaw exploited to elevate privileges, which is exactly what this technique covers.