CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability

SimpleHelp remote support software v5.5.7 and earlier has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
CVE-2024-57726 | CVSS 9.9 | CISA KEV | Known Exploited

CVSS: 9.9 CRITICAL
EPSS: 94.77%
Known exploited: yes
Product: SimpleHelp

What is known

SimpleHelp remote support software v5.5.7 and earlier has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Sources