Threat Intelligence / CVE / CVE-2024-57727

CVE-2024-57727

CISA KEVRansomware

CVSS 7.5 (HIGH) · EPSS 94.0% · Published 2025-01-15

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-22

Threats tracking this CVE

DragonForce: White-Label Ransomware Cartel — Scattered Spider Partnership & MSP Supply Chain Attacks — HIGH

References

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57727

Full detection coverage & IOCs for threats exploiting CVE-2024-57727 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence