Cybersecurity researchers have disclosed a number of security flaws in SimpleHelp distant entry software program that might result in data disclosure, privilege escalation, and distant code execution.
Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, stated the “vulnerabilities are trivial to reverse and exploit.”
The checklist of recognized flaws is as follows –
- CVE-2024-57727 – An unauthenticated path traversal vulnerability that enables an attacker to obtain arbitrary information from the SimpleHelp server, together with the serverconfig.xml file that comprises hashed passwords for the SimpleHelpAdmin account and different native technician accounts
- CVE-2024-57728 – An arbitrary file add vulnerability that enables an attacker with SimpleHelpAdmin privileges (or as a technician with admin privileges) to add arbitrary information anyplace on the SimpleServer host, probably resulting in distant code execution
- CVE-2024-57726 – A privilege escalation vulnerability that enables an attacker who beneficial properties entry as a low-privilege technician to raise their privileges to an admin by profiting from lacking backend authorization checks
In a hypothetical assault state of affairs, CVE-2024-57726 and CVE-2024-57728 could possibly be chained by a nasty actor to grow to be an admin person and add arbitrary payloads to grab management of the SimpleHelp server.
Horizon3.ai stated it is withholding further technical particulars concerning the three vulnerabilities given their criticality and the benefit of weaponization. Following accountable disclosure on January 6, 2025, the failings have been addressed in SimpleHelp variations 5.3.9, 5.4.10, and 5.5.8 launched on January 8 and 13.
With menace actors recognized to leverage distant entry instruments to ascertain persistent distant entry to focus on environments, it is essential that customers transfer shortly to use the patches.
As well as, SimpleHelp is recommending that customers change the administrator password of the SimpleHelp server, rotate the passwords for Technician accounts, and prohibit the IP addresses that the SimpleHelp server can count on Technician and administrator logins from.
