Exposures › CVE-2024-57727
CVE-2024-57727
SimpleHelp remote support software suffered a critical path traversal flaw allowing unauthenticated attackers to download sensitive files like config and hashed passwords.
The vulnerability in SimpleHelp's remote support software allowed unauthenticated attackers to exploit path traversal flaws to download arbitrary files, including server configurations and hashed user passwords. DIB organizations must ensure all remote support and management tools are patched and monitored, as this flaw was actively exploited in the wild and linked to ransomware campaigns. Failure to patch such tools exposes sensitive data and violates CMMC/NIST 800-171 requirements for protecting unclassified information.
Shame score — A critical, actively exploited path traversal flaw in widely deployed remote support software that exposed sensitive data and was linked to ransomware, demonstrating severe negligence and avoidable risk.
Players implicated
Description
SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.
Affected FedRAMP products 0 in the catalog
No correlated FedRAMP products.