KEVIntel

CVE-2024-57727

PUBLISHED

Exploited in the wild · Used in malware · PoC available · Remote · Low complexity · No user interaction
Vendor: SimpleHelp
Product: SimpleHelp
Published: Jan 15, 2025

Description

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

cisa malware nuclei_scanner nessus_scanner

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2025-02-13 00:00:00 UTC · Source

Used in malware

Recorded 2026-06-02 14:08:22 UTC · Source

Proof of concept available

Recorded 2025-01-17 15:45:51 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Feb 13, 2025

Potential proofs of concept

These PoCs are unverified and could contain malware. Use at your own risk.

imjdl/CVE-2024-57727

github · Created 2025-01-17 15:45:51 UTC · 12 stars

CVE-2024-57727

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Nessus

  • Detected by Nuclei

  • Exploit Used in Malware