SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management RMM instances to compromise customers of an unnamed utility billing software provider. "This incident reflects a broader...

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

Security Updates for SimpleHelp < 5.5.8

The version of SimpleHelp running on the remote web server is prior to 5.3.9, or 5.4.x prior to 5.4.10 or 5.5.x prior to 5.5.8. It is, therefore, affected by multiple vulnerabilities: - Allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to...

SimpleHelp Path Traversal Vulnerability

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords...

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the...

CVE-2024-57727

CVE-2024-57727 affects SimpleHelp RMM

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...