CVE-2024-57727

SimpleHelp lets support staff connect to computers remotely, and that software also serves files over the internet. In this flaw, attackers can trick the software into “reaching into” the server and downloading files they shouldn’t, simply by sending specially made web requests. Those downloads can include secret server settings and password data, which can then be used for further break-ins.

This matters to you if you use or run SimpleHelp remote support software from Simplehelp Ltd / SimpleHelp (specifically SimpleHelp v5.5.7 and before). If SimpleHelp is reachable from the internet, the risk is much higher because the attacker can directly send the crafted requests to your SimpleHelp host. Because it’s already been exploited in real attacks, this is not just a theoretical issue.

Act immediately: the traffic-light verdict is RED because the vulnerability is actively being exploited in the wild and is tied to ransomware activity. The estimated likelihood of exploitation in the next 30 days is extremely high, which means waiting increases the chance you’ll be targeted. Even though no public exploit is listed here, real attackers are already using it, so you should treat this as urgent incident-level work.

1. Update SimpleHelp to a version newer than v5.5.7 as soon as possible (or ask your IT/support vendor for the exact fixed version). 2) If you can’t update right away, restrict SimpleHelp so it is not directly reachable from the internet (allow only approved networks/IPs or use a secure remote access method). 3) Check SimpleHelp logs and any server-access logs for unusual “download” or web-request activity around the SimpleHelp host, and reset exposed credentials if you find signs of access.