PT-2025-1272 · Unknown · Simplehelp
Published: 2025-01-15 · Updated: 2026-01-11 · CVE-2024-57726
CVSS v3.1: 9.9 Critical (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions: SimpleHelp versions 5.5.7 and before

Description: The issue stems from insecure privilege management in SimpleHelp remote support software. It allows low-privilege technicians to create API keys with excessive permissions, which can then be used to escalate privileges to the server admin role. The vulnerabilities also enable attackers to upload arbitrary files to the SimpleHelp server. Real-world incidents in which this issue was exploited have been reported, including a supply chain ransomware attack via an MSP that hit multiple clients with double-extortion tactics.

Recommendations: For SimpleHelp versions 5.5.7 and before, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the API key creation functionality to minimize the risk of exploitation. Additionally, restrict access to the vulnerable API endpoints to prevent attackers from uploading arbitrary files. Avoid using API keys with excessive permissions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Vulnerability Type: RCE

Weakness Enumeration: Improper Privilege Management, Missing Authorization

Related Identifiers: BDU:2025-00724, CVE-2024-57726

Affected Products: Simplehelp