PT-2025-1272 · Unknown · Simplehelp
Published 2025-01-15 · Updated 2026-04-27
CVE-2024-57726 · CVSS v3.1 9.9 Critical | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SimpleHelp versions prior to 5.5.8
Description
SimpleHelp remote support software contains an issue with insecure privilege management and missing authorization. This allows technicians with low privileges to create API keys with excessive permissions, which can be used to escalate privileges to the server administrator role or root level. In combination with other flaws, this enables the upload of arbitrary files to the server and the execution of remote code. These flaws have been exploited in real-world incidents by groups such as DragonForce and Play, targeting Managed Service Providers (MSPs) and their clients to facilitate data theft, supply chain compromise, and ransomware deployment. The Play ransomware group has reportedly impacted approximately 900 victims worldwide.
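The flaw class described above is a missing privilege ceiling on API key issuance: the server accepts whatever role and permissions the requester asks for instead of capping them at the caller's own. The following is an added, hypothetical Python model of that check (not SimpleHelp's code; the role names, scope strings and function names are constructed for illustration) showing the unchecked issuance beside the corrected one.

```python
# Hypothetical model of CWE-269 / CWE-862 on API key creation.
# Not SimpleHelp code; roles, scopes and names are constructed assumptions.
from dataclasses import dataclass

ROLES = {"technician": 1, "admin": 2}  # constructed role ordering

@dataclass(frozen=True)
class Principal:
    name: str
    role: str
    scopes: frozenset

@dataclass(frozen=True)
class ApiKey:
    owner: str
    role: str
    scopes: frozenset

class AuthorizationError(Exception):
    pass

def create_api_key_vulnerable(caller: Principal, role: str, scopes: set) -> ApiKey:
    """Missing authorization: the requested role and scopes are trusted as-is."""
    return ApiKey(owner=caller.name, role=role, scopes=frozenset(scopes))

def create_api_key_fixed(caller: Principal, role: str, scopes: set) -> ApiKey:
    """Privilege ceiling: a key may never carry more than its creator holds."""
    if role not in ROLES:
        raise AuthorizationError(f"unknown role {role!r}")
    if ROLES[role] > ROLES[caller.role]:
        raise AuthorizationError("requested role exceeds caller's role")
    excess = set(scopes) - caller.scopes
    if excess:
        raise AuthorizationError(f"requested scopes exceed caller's: {sorted(excess)}")
    return ApiKey(owner=caller.name, role=role, scopes=frozenset(scopes))

def escalation_possible(create) -> bool:
    """Constructed check: can a plain technician mint an admin-level key?"""
    tech = Principal("tech1", "technician", frozenset({"session:view", "session:connect"}))
    try:
        key = create(tech, "admin", {"session:view", "server:admin", "file:upload"})
    except AuthorizationError:
        return False
    # Escalation if the key outranks its creator in role or scope.
    return ROLES[key.role] > ROLES[tech.role] or not key.scopes <= tech.scopes
```

Running `escalation_possible` against both issuance functions makes the difference concrete: the unchecked version hands a technician an admin-scoped key, the capped version refuses.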
Recommendations
Versions prior to 5.5.8: update to 5.5.8 or a later release that contains the January 2025 security patches.
Fix
RCE
Improper Privilege Management
Missing Authorization
Related Identifiers
Affected Products
Simplehelp