CVE-2024-57727

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.7 and earlier

Description SimpleHelp remote support software is affected by multiple path traversal vulnerabilities. These flaws allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. The downloaded files may include server configuration files containing sensitive information, such as secrets and hashed user passwords. This vulnerability is actively exploited by ransomware actors, including the DragonForce and Play ransomware groups, in double-extortion attacks. Approximately 580 vulnerable instances have been identified. Exploitation has been observed targeting utility billing providers and managed service providers (MSPs). The vulnerability allows attackers to steal credentials, escalate privileges, and deploy ransomware.

Recommendations Update SimpleHelp to a version later than 5.5.7.