The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted critical security issues impacting SimpleHelp’s remote support software. Two vulnerabilities, which are currently being exploited, pose significant risks to organizations using this platform.
Understanding the Threat
Remote access solutions like SimpleHelp are prime targets for cybercriminals due to their capability to access corporate networks directly. Once compromised, these tools enable attackers to circumvent traditional security measures, laying the groundwork for more severe attacks.
Organizations relying on SimpleHelp are advised to act swiftly to protect their systems from potential breaches.
Details of the Vulnerabilities
The first vulnerability, identified as CVE-2024-57726, is a missing authorization flaw. This issue undermines the role-based access control mechanisms within SimpleHelp, allowing low-privileged users to obtain unauthorized access by creating API keys with elevated permissions. This can lead to privilege escalation, granting attackers full administrative rights over the system and connected devices.
The second issue, CVE-2024-57728, is a path traversal vulnerability. Known as a “zip slip” attack, it allows authenticated users to upload malicious files to arbitrary locations on the server’s filesystem. Attackers can exploit this flaw to execute unauthorized code, leveraging the SimpleHelp user’s permissions for further network penetration.
Response and Mitigation
On April 24, 2026, CISA added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging immediate action due to ongoing exploitation. CISA has set a remediation deadline of May 8, 2026, for affected entities to secure their systems.
Security teams are advised to prioritize updates and patches as provided by SimpleHelp. Additional measures include monitoring for unusual activities, such as unexpected API key generation or unfamiliar file uploads originating from the SimpleHelp server.
In cases where mitigation is not feasible, discontinuing the use of SimpleHelp and disconnecting it from network access is recommended.
For continuous updates on cybersecurity threats, follow us on Google News, LinkedIn, and X. Reach out if you wish to contribute your cybersecurity insights.
