🔴 CVE-2024-57728

SimpleHelp remote support software v5.5.7 and earlier contains a zip slip vulnerability allowing admin users to upload arbitrary files anywhere on the file system and execute code. This remote support software is commonly deployed as internet-facing infrastructure for IT support organizations.

Risk Level: HIGH_RISK

CVSS Score: 7.2

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: Yes (+41d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-15

Added to CISA KEV: 2026-04-24 (464 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-57728 is a critical path traversal vulnerability affecting SimpleHelp remote support software versions 5.5.7 and earlier [2].

Vulnerability Overview
  • Nature of Vulnerability: Path traversal / Arbitrary File Upload [1].
  • Mechanism: An authenticated attacker with administrator privileges can upload a crafted ZIP file to the server, which allows them to write arbitrary files anywhere on the underlying file system [2] [3].
  • Impact: Successful exploitation allows the attacker to execute arbitrary code in the context of the SimpleHelp server user [1].
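
A pre-extraction check for the archive behaviour described above, as an added example (not SimpleHelp's code or its fix): it lists ZIP entries whose names resolve outside the extraction directory. It assumes the usual zip slip pattern, where an extractor joins each entry name onto a target directory; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(zip_bytes: bytes) -> list[str]:
    """Return the (separator-normalised) names of archive members that an
    extractor joining names onto a root directory would write outside it."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat Windows separators like "/" so both styles are caught.
            name = info.filename.replace("\\", "/")
            # Absolute paths and drive letters ignore the root entirely.
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                flagged.append(name)
                continue
            # Collapse "." and ".." segments; a result that still begins
            # with ".." climbs above the extraction root.
            norm = posixpath.normpath(name)
            if norm == ".." or norm.startswith("../"):
                flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Constructed sample archive: two benign entries, three that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("docs/../notes.txt", "ok")      # resolves inside the root
        zf.writestr("../../outside.txt", "x")
        zf.writestr("a/../../outside2.txt", "x")    # escapes after one level
        zf.writestr("..\\..\\outside3.txt", "x")    # backslash variant
    return buf.getvalue()


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample()):
        print("rejects:", entry)
```
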
Exploitation and Threat Landscape
  • Active Exploitation: There have been reports of active exploitation in the wild, often as part of a vulnerability chain involving other SimpleHelp vulnerabilities (such as CVE-2024-57726) [1].
  • Requirements:
      • Authentication: The attacker must be authenticated with administrator privileges [1].
      • Network vs. Local: This is a remote vulnerability, meaning it can be exploited over the network by an attacker who has gained administrative access to the SimpleHelp instance [1].
  • Campaign Usage: Due to its nature as a remote support tool, compromised instances are high-value targets for threat actors, as they provide a foothold into the networks of the organizations that use the software. It has been observed in active exploit chains, though specific attribution to ransomware groups is often part of broader, ongoing security monitoring [1].
Affected Versions and Mitigation
  • Affected Versions: SimpleHelp versions 5.5.7 and earlier [2].
  • Status: Users are strongly advised to update to the latest version of SimpleHelp to remediate this vulnerability. Organizations should review their SimpleHelp logs for unauthorized administrative activity or unexpected file uploads, especially if they have not yet patched their instances.

Sources

  1. Active Exploitation of Critical Vulnerability Chain in SimpleHelp

    CVE-2024-57728 is a 'path traversal' vulnerability with a CVSSv3 score of 7.2. If exploited, a remote, authenticated attacker with administrator privileges could upload arbitrary files anywhere on the file system, which could allow the attacker to execute arbitrary code in the context of the SimpleH…

  2. CVE-2024-57728 Detail - NVD

    CVE-2024-57728 Detail. Description. SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file ...

  3. CVE-2024-57728 | Tenable®

    SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file.