CVE-2024-57727: SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote...

7.5 CVSS

Description

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

Known Exploited

🚨 Marked as known exploited on February 13th, 2025 (2 months ago).

Classification

CVE ID: CVE-2024-57727

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor: n/a

Product: n/a

Nuclei Template

http/cves/2024/CVE-2024-57727.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.47% (probability of being exploited)

EPSS Percentile: 75.54% (scored less or equal to compared to others)

EPSS Date: 2025-02-13 (when was this score calculated)

References

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

Timeline

2025-01-16 00:30:55 UTC
CVE

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote...
2025-02-13 18:45:16 UTC
CISA KEV

SimpleHelp Path Traversal Vulnerability
2025-02-13 18:46:41 UTC
🚨 Marked as Known Exploited