Critical SimpleHelp Vulnerabilities Expose Networks to Remote Attacks

Multiple severe security vulnerabilities have been discovered in SimpleHelp remote access software, putting organizations at risk of data breaches and system compromises. The flaws were identified by Horizon3.ai security researcher Naveen Sunkavally.

Three major vulnerabilities were found that could allow attackers to steal sensitive files, escalate user privileges, and potentially execute malicious code on affected systems:

  • An unauthenticated path traversal bug (CVE-2024-57727) enables downloading of arbitrary files from SimpleHelp servers, including configuration files containing password hashes
  • A file upload vulnerability (CVE-2024-57728) lets attackers with admin access upload files anywhere on the server, opening the door for remote code execution
  • A privilege escalation flaw (CVE-2024-57726) allows low-privilege technician accounts to gain full admin rights by exploiting missing authorization checks

The researchers note that these vulnerabilities are straightforward to exploit, raising serious concerns. An attacker could potentially chain multiple flaws together - first gaining admin access through privilege escalation, then uploading malicious files to take control of the SimpleHelp server.

SimpleHelp has patched these security issues in versions 5.3.9, 5.4.10, and 5.5.8, released in early January after the vulnerabilities were privately disclosed on January 6th.
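To triage an inventory of SimpleHelp servers against the fixed releases listed above, the following added example (not code from SimpleHelp or Horizon3.ai) compares each installed version with the fix for its branch. The hostnames, sample versions and status labels are constructed for illustration, and branches the article does not name are reported as unlisted rather than guessed at.

```python
import re

# Fixed release per major.minor branch, as stated in the article.
FIXED = {(5, 3): 9, (5, 4): 10, (5, 5): 8}

def classify(version: str) -> str:
    """Return 'patched', 'needs_update', 'unlisted' or 'unparsed'."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", version)
    if not m:
        return "unparsed"  # e.g. an empty field or a banner we could not read
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch not named in the article: check the vendor advisory by hand.
        return "unlisted"
    # Compare as integers: as strings, "9" sorts after "10" and 5.4.9
    # would wrongly look newer than the 5.4.10 fix.
    return "patched" if patch >= fixed_patch else "needs_update"

def triage(inventory):
    """Group hosts by status; inventory is an iterable of (host, version)."""
    groups = {}
    for host, version in inventory:
        groups.setdefault(classify(version), []).append(host)
    return groups

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("rmm-01.example.internal", "5.5.7"),
    ("rmm-02.example.internal", "5.5.8"),
    ("rmm-03.example.internal", "5.4.9"),
    ("rmm-04.example.internal", "5.3.10"),
    ("rmm-05.example.internal", "5.2.1"),
    ("rmm-06.example.internal", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:13} {', '.join(hosts)}")
```

Hosts reported as unlisted or unparsed need manual review and should not be treated as safe.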

Users are strongly advised to update their SimpleHelp installations immediately. The company also recommends changing administrator and technician account passwords, and implementing IP address restrictions for admin logins.

Given that cyber attackers frequently target remote access tools to maintain persistent access to compromised networks, prompt patching of these vulnerabilities is critical for maintaining system security.