CVE-2024-57727

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability
Entry Details

CVE-2024-57727

Confirmed

Yes

2025-02-13 00:00 UTC

Timestamps

2025-02-13

2025-02-13

Scope

KEV entry: SimpleHelp Path Traversal Vulnerability | Affected: SimpleHelp / SimpleHelp | Description: SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-06 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://simple-help.com/kb---security-vulnerabilities-01-2025 ; Additional CISA Mitigation Instructions: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727

References
  • {'id': 'CVE-2024-57727', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-57727'}

4ea1ad28-43e8-43fd-97b0-b24cdbdbc8b0

405284c2-e461-4670-8979-7fd2c9755a60

2026-02-02 13:24 UTC

2026-02-06 07:53 UTC

Evidence (1)
Type Source Signal Confidence Details GCVE Metadata
vendor_report cisa-kev successful_exploitation 0.80
View details 
{
  "cwes": [
    "CWE-22"
  ],
  "date_added": "2025-02-13",
  "due_date": "2025-03-06",
  "feed": "CISA Known Exploited Vulnerabilities Catalog",
  "knownRansomwareCampaignUse": "Known",
  "product": "SimpleHelp",
  "vendorProject": "SimpleHelp ",
  "vulnerabilityName": "SimpleHelp Path Traversal Vulnerability"
}
 -
Export Options
JSON Object JSON API View Full Catalog