Horizon3.ai researcher Naveen Sunkavally noted that the vulnerabilities in SimpleHelp are trivial to reverse and exploit, emphasizing the potential risks they pose.
CVE-2024-57727 allows attackers to download arbitrary files from the SimpleHelp server, risking exposure of sensitive information such as hashed passwords.
Chaining CVE-2024-57726 and CVE-2024-57728 could enable attackers to gain admin privileges, leading to serious exploits including remote code execution.
Following responsible disclosure on January 6, 2025, SimpleHelp patched the critical vulnerabilities in versions 5.3.9, 5.4.10, and 5.5.8.