SimpleHelp is a system that facilitates remote support, access, and work, among other uses. It is mainly used by IT professionals and support teams to support their users remotely. It can be installed on Linux, MS Windows, and macOS servers.

After various vulnerabilities affecting other remote support and remote access software were discovered, Horizon3.ai was curious to check SimpleHelp's software. In their blog post, they report discovering three vulnerabilities: CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728:
- CVE-2024-57726 allows privilege escalation from a technician role to a SimpleHelp server admin role.
- CVE-2024-57727 is a path traversal vulnerability that allows downloading arbitrary files, such as serverconfig.xml, from the SimpleHelp server.
- CVE-2024-57728 allows a user with a SimpleHelp server admin role to upload files to the host server. In other words, users can create and upload a crontab job file to a server or overwrite existing binaries on a Windows server to run programs of their choosing.

In this room, we will demonstrate the exploitation and detection of CVE-2024-57727.
It’s time to dive into a path traversal vulnerability.