SimpleHelp Path Traversal Vulnerability

What is the Vulnerability?

FortiGuard Labs continues to observe attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) product, through a critical unauthenticated path traversal vulnerability (CVE-2024-57727) affecting versions 5.5.7 and earlier. A remote attacker can read and download arbitrary files from the SimpleHelp server without authenticating, using nothing more than specially crafted HTTP requests. The files reachable this way can include server configuration data, hashed administrator passwords, API keys and other credentials. The root cause is improper input validation: the file-serving endpoint does not confine the client-supplied path to its intended directory, so ".." sequences let a request resolve to files outside it. Because of active exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities catalog in February 2025.

What is the recommended Mitigation?

Upgrade to SimpleHelp 5.5.8, 5.4.10 or 5.3.9, the releases that specifically fix the path traversal (CVE-2024-57727). Beyond that, all SimpleHelp users should move to the latest available version, which also addresses CVE-2024-57726 (privilege escalation) and CVE-2024-57728 (arbitrary file upload), for comprehensive protection. Because the traversal exposes configuration files and hashed credentials, patching does not undo an earlier exposure: if a server was reachable while vulnerable, rotate administrator passwords and API keys stored on it and review the server for signs of unauthorized access.

What FortiGuard Coverage is available?

FortiGuard Intrusion Prevention Service (IPS): an IPS signature is available to detect and block exploit attempts targeting the CVE-2024-57727 path traversal vulnerability.

FortiGuard Endpoint Vulnerability Service: a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface.

FortiGuard Antimalware and Sandbox Service: delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats.

Indicators of Compromise (IOC): FortiGuard Labs has blocked all known Indicators of Compromise linked to the campaigns targeting the SimpleHelp vulnerabilities (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726).

Incident Response: the FortiGuard Incident Response team is available to assist with any suspected compromise.
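The root-cause point above (improper input validation letting ".." escape the intended directory) and the detection side of the IPS coverage are easiest to see in code. The following is an added example written for this page; it is not SimpleHelp's code and not FortiGuard's signature. It places a naive file-path join beside a hardened resolver that fully URL-decodes, canonicalises and then checks containment, and runs a traversal check over constructed access-log lines. The base directory, file names, request paths and log entries are all invented for the illustration.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed base directory for the example; it does not need to exist on disk.
BASE_DIR = "/srv/demo-rmm/files"


def _fully_decode(path: str, rounds: int = 3) -> str:
    """Undo URL encoding until the string stops changing, so that single
    (%2e%2e) and double (%252e%252e) encoded traversal sequences are both seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """The bug class from the advisory: the client-supplied path is joined to
    the base directory and served as-is, so '../' segments walk out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, requested))


def hardened_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Decode, canonicalise, then refuse anything that does not stay inside base_dir.
    Returns the absolute path to serve, or None when the request must be rejected."""
    decoded = _fully_decode(requested)
    # NUL bytes and backslashes are never legitimate in a URL path segment here.
    if "\x00" in decoded or "\\" in decoded:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and resolves symlinks before the containment check,
    # so a path that only looks safe before normalisation is still caught.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate != base and not candidate.startswith(base + os.sep):
        return None
    return candidate


def looks_like_traversal(request_path: str) -> bool:
    """Detection-side check, in the spirit of an IPS rule: flag a raw request path
    whose decoded form contains a '..' segment, whatever encoding or separator hid it."""
    decoded = _fully_decode(request_path).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))


# Constructed access-log lines (Apache combined format); not real SimpleHelp logs.
SAMPLE_LOG: List[str] = [
    '203.0.113.5 - - [13/Feb/2025:10:00:01 +0000] "GET /files/report.pdf HTTP/1.1" 200 5120',
    '203.0.113.5 - - [13/Feb/2025:10:00:02 +0000] "GET /files/../../etc/passwd HTTP/1.1" 200 2048',
    '198.51.100.9 - - [13/Feb/2025:10:00:03 +0000] "GET /files/%2e%2e/%2e%2e/config.xml HTTP/1.1" 200 900',
    '198.51.100.9 - - [13/Feb/2025:10:00:04 +0000] "GET /files/..%252f..%252fsecrets.txt HTTP/1.1" 404 0',
]

_REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def suspicious_requests(log_lines: List[str]) -> List[str]:
    """Return the request paths in the log that carry traversal sequences."""
    hits = []
    for line in log_lines:
        m = _REQ.search(line)
        if m and looks_like_traversal(m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    print("vulnerable :", vulnerable_resolve(BASE_DIR, "../../etc/passwd"))
    print("hardened   :", hardened_resolve(BASE_DIR, "../../etc/passwd"))
    for path in suspicious_requests(SAMPLE_LOG):
        print("traversal  :", path)
```

The hardened resolver rejects rather than silently rewriting an escaping path, which keeps the rejection visible for logging and alerting. The detection check decodes repeatedly on purpose: a rule that only looks for the literal "../" misses the double-encoded form in the last log line.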