Cyber Posture

CVE-2024-57727

High · CISA KEV · Active Exploitation · Ransomware-linked

Published: 15 January 2025
Modified: 04 November 2025
KEV Added: 13 February 2025
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9402 (99.9th percentile)
Risk Priority: 91 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Multiple path traversal vulnerabilities in SimpleHelp remote support software versions 5.5.7 and earlier allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests.

Security Summary

CVE-2024-57727 covers multiple path traversal vulnerabilities (CWE-22) in SimpleHelp remote support software versions 5.5.7 and earlier. They allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host through crafted HTTP requests, including server configuration files that hold various secrets and hashed user passwords. The CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): high confidentiality impact, no privileges or user interaction required, and no direct integrity or availability impact.
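To make the CWE-22 mechanics concrete, the following is an added example written for this page, not SimpleHelp code (SimpleHelp is a Java product; Python is used here for brevity). It contrasts the naive join that produces the traversal with a hardened resolver. The document root, the file names and the request path are assumptions for illustration, not the real endpoint or any payload from the disclosures.

```python
import os

# Hypothetical document root. SimpleHelp's real install layout and the
# exact vulnerable endpoint are not described on this page; this path is
# an assumption used only to show the mechanics of CWE-22.
WEB_ROOT = "/srv/simplehelp/www"


def resolve_naive(root: str, requested: str) -> str:
    """The CWE-22 pattern: join the client-supplied path onto the root and
    serve whatever it names. '..' segments walk straight out of the root.
    (lstrip('/') is needed because os.path.join discards the root when the
    second argument is absolute, which would be an even bigger hole.)"""
    return os.path.normpath(os.path.join(root, requested.lstrip("/")))


def is_inside_root(root: str, requested: str) -> bool:
    """Canonicalise both sides (realpath also collapses symlinks) and check
    that the candidate still has the root as a path prefix, segment-wise:
    os.path.commonpath is not fooled by a sibling like '/srv/simplehelp/www-evil'."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/")))
    return os.path.commonpath([root_real, candidate]) == root_real


def resolve_safe(root: str, requested: str) -> str:
    """Hardened form: refuse anything that escapes the document root."""
    if not is_inside_root(root, requested):
        raise ValueError(f"path traversal rejected: {requested!r}")
    return os.path.realpath(os.path.join(os.path.realpath(root), requested.lstrip("/")))


if __name__ == "__main__":
    # Constructed request path for the demo, not an exploit payload from the page.
    crafted = "../../../etc/passwd"
    print("naive:", resolve_naive(WEB_ROOT, crafted))         # /etc/passwd
    print("inside root?", is_inside_root(WEB_ROOT, crafted))   # False
    try:
        resolve_safe(WEB_ROOT, crafted)
    except ValueError as exc:
        print("safe :", exc)
    print("safe :", resolve_safe(WEB_ROOT, "css/app.css"))
```

The check is done on the canonical path rather than on the raw request string, so percent-encoding tricks that a web framework has already decoded, and symlinks inside the root, cannot reintroduce the escape.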

Any attacker who can reach the SimpleHelp HTTP service can exploit these issues by sending specially crafted requests; no account is required. Successful exploitation retrieves arbitrary files, and the configuration data and credentials they contain can be used to further compromise the host or related systems.
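As an added example (not taken from the vendor, the researcher disclosure or CISA), the scanner below shows how a defender can hunt for such crafted requests in HTTP access logs: it decodes percent-encoding repeatedly (attackers double-encode to slip past naive filters), unifies backslashes, and flags every request whose path contains a '..' segment while ignoring look-alikes such as 'a..b'. The log lines are constructed in combined log format for this example; SimpleHelp's own log format and the file names in the requests are not given on this page and are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample of a combined-format access log. These lines are made
# up for this example; the page shows no real SimpleHelp logs, and the
# request paths are illustrative rather than reproduced exploit URLs.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2025:09:14:02 +0000] "GET /static/app.js HTTP/1.1" 200 5120
203.0.113.7 - - [10/Feb/2025:09:14:05 +0000] "GET /static/../../conf/server.xml HTTP/1.1" 200 2210
198.51.100.4 - - [10/Feb/2025:09:15:11 +0000] "GET /static/%2e%2e/%2e%2e/conf/server.xml HTTP/1.1" 200 2210
198.51.100.4 - - [10/Feb/2025:09:15:12 +0000] "GET /static/%252e%252e%252f%252e%252e%252fconf%252fserver.xml HTTP/1.1" 200 2210
192.0.2.9 - - [10/Feb/2025:09:16:40 +0000] "GET /docs/a..b/readme.txt HTTP/1.1" 200 310
192.0.2.9 - - [10/Feb/2025:09:16:41 +0000] "GET /static/..%5c..%5cconf%5cserver.xml HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def canonical_path(target: str, max_rounds: int = 3) -> str:
    """Drop the query string, percent-decode until the string stops changing
    (bounded, so a pathological input cannot loop), and treat backslashes
    as separators the way a Windows host would."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(path: str) -> bool:
    """True if any whole segment is '..'. A segment like 'a..b' is a legal
    file name and must not be flagged."""
    return any(seg == ".." for seg in path.split("/"))


def scan_log(text: str) -> list[tuple[str, str, int]]:
    """Return (client_ip, decoded_path, status) for every suspicious request.
    A 200 next to a traversal path means the read most likely succeeded."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = canonical_path(m["target"])
        if has_traversal(path):
            hits.append((m["ip"], path, int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, path, status in scan_log(SAMPLE_LOG):
        print(f"{ip:<14} {status} {path}")
```

All four encoded variants normalise to the same path, which is the point of decoding before matching: a rule that looks for the literal string "../" would miss three of them. Status codes are carried along so that successful reads can be triaged first.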

Mitigation details are in the vendor advisory at https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier, in the researcher disclosure at https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/, and in CISA's Known Exploited Vulnerabilities catalog entry at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57727. Because the exposed files include hashed user passwords and other secrets, patching alone does not undo a download that has already happened: an Internet-exposed instance that ran an affected version should be treated as potentially compromised, and its credentials rotated.

This CVE is listed in CISA's Known Exploited Vulnerabilities catalog, indicating real-world exploitation in the wild.

Details

CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
KEV Date Added: 13 February 2025

Affected Products

Vendor: simple-help
Product: simplehelp
Versions: 5.5.7 and earlier (fixed in 5.5.8)

MITRE ATT&CK Enterprise Techniques

T1083 File and Directory Discovery (Discovery): Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files (Credential Access): Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Unauthenticated path traversal in an Internet-facing SimpleHelp server is an exploit of a public-facing application (T1190). The resulting arbitrary file read lets the attacker enumerate the host's file system (T1083) and collect secrets and hashed passwords from configuration files (T1552.001).
