Critical Vulnerabilities Found in SimpleHelp Software
🛠️ Critical vulnerabilities discovered in SimpleHelp remote access software. Cybersecurity researchers have identified multiple security flaws in SimpleHelp that could lead to information disclosure, privilege escalation, and remote code execution. Key vulnerabilities include CVE-2024-57727, allowing unauthenticated file downloads; CVE-2024-57728, enabling arbitrary file uploads by users with admin privileges; and CVE-2024-57726, which permits privilege escalation for low-privilege technicians. These vulnerabilities can be exploited in tandem to gain admin access and control over the server. Following responsible disclosure, SimpleHelp has released patches in versions 5.3.9, 5.4.10, and 5.5.8. Users are urged to apply these updates promptly and change their administrator passwords to enhance security.
