Multiple critical vulnerabilities have been discovered in SimpleHelp remote support software, posing significant risks to both servers and client machines. The flaws, identified by Horizon3.ai, include an unauthenticated path traversal vulnerability, allowing attackers to download arbitrary files, including sensitive server configuration files containing hashed passwords. Additionally, an arbitrary file upload vulnerability can lead to remote code execution for attackers with SimpleHelpAdmin or technician admin privileges. A third vulnerability allows low-privilege technicians to escalate to admin level by exploiting missing authorization checks.
Cybersecurity experts warn that these vulnerabilities are trivial to exploit and could be chained together to take complete control of the SimpleHelp server. The security flaws, now assigned CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726, have been addressed in SimpleHelp versions 5.3.9, 5.4.10, and 5.5.8. Users are urged to update their software immediately and take additional security measures, including changing administrator passwords, rotating technician account passwords, and restricting the IP addresses from which logins are permitted. The vulnerabilities underscore the importance of patching quickly, as remote access tools are frequently targeted by threat actors.
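Because the fix landed separately on three release branches, a single "minimum version" check gets it wrong (5.4.9 is unpatched even though it is higher than the fixed 5.3.9). The following is an added example, not SimpleHelp's own code, that classifies observed server versions against the fixed releases named above; the hostnames and inventory lines are constructed, and branches outside 5.3 to 5.5 are deliberately reported as "unknown" because the advisory text does not cover them.

```python
"""Classify SimpleHelp server versions against the patched releases
named in the advisory: 5.3.9, 5.4.10 and 5.5.8 (added example)."""
import re
from typing import List, Tuple

# Lowest patched release on each affected minor branch, from the advisory.
FIXED_BY_BRANCH = {
    (5, 3): (5, 3, 9),
    (5, 4): (5, 4, 10),
    (5, 5): (5, 5, 8),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a dotted version from strings such as '5.4.10',
    'v5.4.10' or 'SimpleHelp 5.4.10' and return it as an int tuple."""
    match = re.search(r"(\d+(?:\.\d+)+)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string.
    Comparison is per branch, so 5.4.9 is vulnerable although 5.3.9 is not."""
    version = parse_version(version_text)
    if len(version) < 3:                       # treat '5.4' as 5.4.0
        version = version + (0,) * (3 - len(version))
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory (older or newer): needs manual
        # review against vendor guidance rather than a guess here.
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"


def hosts_needing_attention(inventory: str) -> List[Tuple[str, str]]:
    """From constructed 'host,version' lines, list hosts not confirmed patched."""
    flagged = []
    for line in inventory.strip().splitlines():
        host, version = (part.strip() for part in line.split(",", 1))
        status = assess(version)
        if status != "patched":
            flagged.append((host, status))
    return flagged


# Constructed sample inventory (hostnames are placeholders, not real systems).
SAMPLE_INVENTORY = """\
support-a.example.internal,5.5.8
support-b.example.internal,5.4.9
support-c.example.internal,SimpleHelp 5.3.9
legacy.example.internal,5.2.1
"""

if __name__ == "__main__":
    for host, status in hosts_needing_attention(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```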