CVE-2024-57727

HIGH
2025-01-15
7.5
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:03 (vuln.today)
Added to CISA KEV: Nov 04, 2025 - 16:37 (cisa)
CVE Published: Jan 15, 2025 - 23:15 (nvd), HIGH 7.5

Description

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

Analysis

SimpleHelp remote support software contains multiple path traversal vulnerabilities allowing unauthenticated remote attackers to download arbitrary files including server configuration and hashed passwords.

Technical Context

The CWE-22 path traversal, reached via the /c/router endpoint with getImageByPath, allows reading arbitrary files. Critical files include the server configuration, which contains LDAP credentials, API keys, and password hashes for SimpleHelp accounts.

Affected Products

SimpleHelp remote support software v5.5.7 and before

Remediation

Update SimpleHelp to 5.5.8+. Rotate all stored credentials. Audit remote support session logs for unauthorized access.

Priority Score

182
KEV: +50
EPSS: +94.0
CVSS: +38
POC: 0
