CVE-2024-57726

Warnung

Medienbericht

EPSS 9.33%
Veröffentlicht 15.01.2025 23:15:09
Zuletzt bearbeitet 24.04.2026 19:26:52
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Simple-help ≫ Simplehelp Version < 5.5.8

24.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

SimpleHelp Missing Authorization Vulnerability

Schwachstelle

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.33%	0.947

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

27.04.2026 09:21

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

25.04.2026 08:20

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

10.04.2026 15:19

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

06.04.2026 19:00

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

Release Notes

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/

Third Party Advisory

https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/

Technical Description

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57726

US Government Resource

https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-57726

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-57726

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-57726

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-57726

24.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog