Severe SimpleHelp Security Flaws Expose Systems to Data Theft and Remote Attacks

Severe SimpleHelp Security Flaws Expose Systems to Data Theft and Remote Attacks

Critical Security Flaws Discovered in SimpleHelp Remote Access Software

Security researchers at Horizon3.ai have uncovered three significant vulnerabilities in SimpleHelp remote access software, posing serious security risks to users. The discovered flaws could enable attackers to access sensitive information, escalate privileges, and execute malicious code remotely.

The identified vulnerabilities include:

1. CVE-2024-57727: An unauthenticated path traversal vulnerability allowing unauthorized access to server files, including serverconfig.xml containing password hashes.

2. CVE-2024-57728: A file upload vulnerability enabling users with admin privileges to upload files anywhere on the SimpleServer host, potentially leading to remote code execution.

3. CVE-2024-57726: A privilege escalation vulnerability allowing low-privilege technicians to gain admin access through missing authorization checks.

These vulnerabilities have been patched in SimpleHelp versions 5.3.9, 5.4.10, and 5.5.8, released in January 2024. To mitigate risks, SimpleHelp recommends users to:

– Update to the latest software version
– Change administrator passwords
– Rotate Technician account passwords
– Restrict IP addresses for Technician and administrator logins

Given the critical nature of these vulnerabilities and their potential for exploitation, immediate action is recommended for all SimpleHelp users.

Share This Article