CVE-2024-57726

critical

Description

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

References

https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html

https://www.bleepingcomputer.com/news/security/hackers-exploit-simplehelp-rmm-flaws-to-deploy-sliver-malware/

https://www.securityweek.com/simplehelp-remote-access-software-exploited-in-attacks/

https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html

https://securityaffairs.com/173578/security/attackers-exploit-simplehelp-rmm-software-flaws.html

https://www.bleepingcomputer.com/news/security/hackers-exploiting-flaws-in-simplehelp-rmm-to-breach-networks/

https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/

https://www.securityweek.com/vulnerabilities-in-simplehelp-remote-access-software-may-lead-to-system-compromise/

https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

Details

Source: Mitre, NVD

Published: 2025-01-15

Updated: 2025-01-31

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

Detections

Analytics