Multiple security vulnerabilities reported in SimpleHelp's remote support software
Take action: If you are running SimpleHelp server, patch ASAP and rotate all SimpleHelp user passwords. There is no workaround, and delays don't make any sense since the vulnerabilities can be exploited very easily.
Multiple security vulnerabilities have been discovered in SimpleHelp's remote support software, potentially exposing organizations using unpatched versions to security risks. The vulnerabilities were identified by Horizon3.ai researcher Naveen Sunkavally and have been patched in recent software updates.
SimpleHelp is a remote support software that allows technicians to connect to and assist customers' computers from anywhere via the internet. It provides features like screen sharing, file transfer, and unattended access, making it easier for IT professionals to manage and troubleshoot issues remotely.
Three major vulnerabilities were identified:
- CVE-2024-57727 (CVSS score not disclosed) - A critical unauthenticated path traversal vulnerability enabling attackers to access arbitrary files on the SimpleHelp server, including encrypted configuration files containing sensitive credentials and authentication data. This vulnerability could expose the serverconfig.xml file, which contains hashed passwords for administrator and technician accounts, and could also give access to LDAP credentials, OIDC client secrets, API keys, and TOTP seeds used for MFA.
- CVE-2024-57728 (CVSS score not disclosed) - An arbitrary file upload vulnerability that allows authenticated administrators or privileged technicians to upload files anywhere on the SimpleServer host. On Linux systems, this could be exploited through crontab file manipulation for remote command execution. On Windows systems, attackers could overwrite system executables or libraries to achieve remote code execution.
- CVE-2024-57726 (CVSS score not disclosed) - A privilege escalation vulnerability allowing low-privilege technicians to elevate their access to administrator level by exploiting missing backend authorization checks through a crafted sequence of network calls.
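Because the unauthenticated issue is a path traversal against the web front end, the first thing a defender should do after patching is check the server's HTTP access logs for requests that carry `..` segments, including percent-encoded and double-encoded forms. The following is an added example written for this article, not code from SimpleHelp or Horizon3.ai: it decodes request paths the way a lenient server might, flags any `..` segment, and marks those that would actually climb above the web root. The log lines, client addresses and the `/assets/` endpoint are constructed for illustration; only the `serverconfig.xml` file name comes from the advisory.

```python
"""Flag directory-traversal attempts in HTTP access logs (added example, not SimpleHelp code)."""
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Constructed sample log; hosts and the /assets/ endpoint are hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:15:01 +0000] "GET /assets/app.js HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jan/2025:10:15:02 +0000] "GET /assets/../../serverconfig.xml HTTP/1.1" 200 2310
198.51.100.9 - - [10/Jan/2025:10:16:44 +0000] "GET /assets/..%2f..%2fserverconfig.xml HTTP/1.1" 200 2310
198.51.100.9 - - [10/Jan/2025:10:16:45 +0000] "GET /assets/%252e%252e/%252e%252e/serverconfig.xml HTTP/1.1" 404 0
192.0.2.5 - - [10/Jan/2025:10:17:00 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 880
192.0.2.5 - - [10/Jan/2025:10:17:01 +0000] "POST /api/login HTTP/1.1" 302 0
"""


def normalize_path(raw_path):
    """Decode a request path the way a lenient server might before touching the filesystem.

    Percent-decoding is repeated (up to three rounds) to unwrap double encoding such as
    %252e%252e, backslashes are folded to forward slashes, and the query string is dropped
    because traversal happens in the path component.
    """
    path = raw_path.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def segments(raw_path):
    """Split the decoded path into non-empty segments."""
    return [s for s in normalize_path(raw_path).split("/") if s]


def is_traversal(raw_path):
    """True if the decoded path contains any '..' segment (legitimate clients almost never send one)."""
    return ".." in segments(raw_path)


def escapes_root(raw_path):
    """True if the '..' segments would climb above the web root at any point.

    Walk the segments tracking depth instead of using posixpath.normpath, which would
    silently collapse '/a/../../b' to '/b' and hide the escape.
    """
    depth = 0
    for seg in segments(raw_path):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg != ".":
            depth += 1
    return False


def find_traversal_attempts(lines):
    """Return one record per log line whose request path contains a '..' segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["path"]):
            continue
        hits.append({
            "host": m["host"],
            "path": m["path"],
            "decoded": normalize_path(m["path"]),
            "status": int(m["status"]),
            "escapes_root": escapes_root(m["path"]),
        })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG.splitlines()):
        flag = "ESCAPES ROOT" if hit["escapes_root"] else "dotdot only"
        print(f'{hit["host"]} {hit["status"]} {flag} {hit["decoded"]}')
```

Requests that both escape the root and returned a 200 are the ones to treat as probable exposure of serverconfig.xml, which is exactly the case where rotating every password, secret and TOTP seed stored there is not optional. The `/docs/a/../b.html` line shows why the two checks are kept separate: it carries a `..` but never leaves the root, so it is noise rather than evidence.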
The vulnerabilities affect all SimpleHelp versions prior to:
- Version 5.5.8
- Version 5.4.10
- Version 5.3.9
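The affected-version rule above is branch-specific, which trips up naive numeric comparisons: 5.3.9 is patched while 5.4.9 is not, even though 5.4.9 sorts higher. The following is an added example, not a SimpleHelp tool, that encodes the three fixed releases named in the advisory and walks an inventory of servers to report which ones still need upgrading and to which version. The host names and versions in the inventory are constructed; the assumption that branches newer than 5.5 already carry the fix follows from the advisory's "all versions prior to" wording and is marked in the code.

```python
"""Check SimpleHelp server versions against the fixed releases (added example, not SimpleHelp code)."""

# Fixed releases named in the advisory, keyed by (major, minor) branch.
PATCHED = {
    (5, 5): (5, 5, 8),
    (5, 4): (5, 4, 10),
    (5, 3): (5, 3, 9),
}
NEWEST_FIXED = max(PATCHED.values())  # (5, 5, 8)


def parse_version(text):
    """Turn '5.4.10' (optionally with a leading 'v') into (5, 4, 10); reject anything else."""
    core = text.strip()
    if core[:1] in ("v", "V"):
        core = core[1:]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(text):
    """True if this version predates the fix on its branch."""
    version = parse_version(text)
    branch = version[:2]
    if branch in PATCHED:
        return version < PATCHED[branch]
    # Assumption: branches newer than 5.5 were cut after the fix, so they are not affected;
    # branches older than 5.3 never received a fix and are affected.
    return branch < min(PATCHED)


def minimum_fixed_version(text):
    """Smallest patched release on the same branch, or the newest fixed release for older branches."""
    branch = parse_version(text)[:2]
    target = PATCHED.get(branch, NEWEST_FIXED)
    return ".".join(str(n) for n in target)


def hosts_needing_patch(inventory):
    """Map each vulnerable host to the version it should be upgraded to.

    inventory: {hostname: version_string}. Unparseable versions are reported
    with the value 'unknown' so they are not silently dropped from the list.
    """
    result = {}
    for host, version in sorted(inventory.items()):
        try:
            if is_vulnerable(version):
                result[host] = minimum_fixed_version(version)
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory for illustration; hosts and versions are hypothetical.
SAMPLE_INVENTORY = {
    "support-01": "5.5.7",
    "support-02": "5.5.8",
    "branch-office": "5.4.9",
    "lab": "v5.3.2",
    "legacy": "5.2.15",
    "mystery": "latest",
}

if __name__ == "__main__":
    for host, target in hosts_needing_patch(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {target}")
```

Running the block prints one line per host that still needs attention; a host reported as `unknown` is one whose version string could not be read and should be checked by hand rather than assumed safe.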
SimpleHelp addressed and patched the vulnerabilities within approximately two weeks of initial contact from Horizon3.ai researchers, releasing multiple patched versions between January 8 and 13, 2025.
SimpleHelp advises users to upgrade to the latest patched versions immediately, change the administrator password of the SimpleHelp server, rotate passwords for all Technician accounts, and implement IP address restrictions for Technician and administrator logins.