
Critical SimpleHelp Flaws Enable File Theft, Privilege Escalation, and RCE Attacks


Jan 15, 2025 | Ravie Lakshmanan | Vulnerability / Server Security


Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution.

Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the “vulnerabilities are trivial to reverse and exploit.”

The list of identified flaws is as follows:

  • CVE-2024-57727 – An unauthenticated path traversal vulnerability that allows an attacker to download arbitrary files from the SimpleHelp server, including the serverconfig.xml file that contains hashed passwords for the SimpleHelpAdmin account and other local technician accounts
  • CVE-2024-57728 – An arbitrary file upload vulnerability that allows an attacker with SimpleHelpAdmin privileges (or as a technician with admin privileges) to upload arbitrary files anywhere on the SimpleServer host, potentially leading to remote code execution
  • CVE-2024-57726 – A privilege escalation vulnerability that allows an attacker who gains access as a low-privilege technician to elevate their privileges to an admin by taking advantage of missing backend authorization checks

In a hypothetical attack scenario, CVE-2024-57726 and CVE-2024-57728 could be chained by a bad actor to become an admin user and upload arbitrary payloads to seize control of the SimpleHelp server.

Horizon3.ai said it is withholding additional technical details about the three vulnerabilities given their criticality and the ease of weaponization. Following responsible disclosure on January 6, 2025, the flaws have been addressed in SimpleHelp versions 5.3.9, 5.4.10, and 5.5.8 released on January 8 and 13.

With threat actors known to leverage remote access tools to establish persistent remote access to target environments, it is essential that users move quickly to apply the patches.

In addition, SimpleHelp is recommending that users change the administrator password of the SimpleHelp server, rotate the passwords for Technician accounts, and restrict the IP addresses that the SimpleHelp server can expect Technician and administrator logins from.
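
For teams tracking several SimpleHelp servers, the fixed releases named above can be turned into a quick patch-status triage. The following is an added example, not code from the article, Horizon3.ai or SimpleHelp; the hostnames and the inventory format are constructed, and branches the article does not name are reported as unknown rather than guessed.

```python
import re

# Fixed release per branch, exactly as listed in the article:
# 5.3.9, 5.4.10 and 5.5.8. Key is (major, minor), value is the fixed patch level.
FIXED = {(5, 3): 9, (5, 4): 10, (5, 5): 8}


def parse_version(text):
    """Extract (major, minor, patch) as integers from e.g. 'SimpleHelp 5.4.9'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(version_text):
    """Return 'patched', 'unpatched' or 'unknown' for one reported version."""
    try:
        major, minor, patch = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch not named in the article: flag for manual review.
        return "unknown"
    # Integer comparison matters: as strings, "5.4.9" sorts after "5.4.10".
    return "patched" if patch >= fixed_patch else "unpatched"


def triage(inventory):
    """Group hosts by patch status. inventory maps host -> version string."""
    result = {"patched": [], "unpatched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "sh-support-01": "SimpleHelp 5.4.9",
    "sh-support-02": "5.5.8",
    "sh-lab-03": "5.2.1",
    "sh-dr-04": "v5.3.9",
    "sh-old-05": "unknown build",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unpatched or unknown are the ones to prioritize for the upgrade, password rotation, and login IP restrictions described above.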
