Vulnerabilities > CVE-2024-57726 - Unspecified vulnerability in Simple-Help Simplehelp

CVSS 9.9 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

simple-help

critical

NVD

Published: 2025-01-15

Updated: 2025-01-31

Summary

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Vulnerable Configurations

Part	Description	Count
Application	Simple-Help Simple Help Simplehelp *	1

References

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/