CVE-2024-57726
Published: 15 January 2025
Summary
CVE-2024-57726 is a critical-severity Missing Authorization (CWE-862) vulnerability in SimpleHelp remote support software by Simple-Help. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); the CVE ranks in the top 2.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-6 enforces least privilege, directly preventing low-privileged technicians from creating API keys with excessive permissions that enable server admin privilege escalation.
AC-3 requires enforcement of approved authorizations, mitigating the missing authorization (CWE-862) that allows creation of over-privileged API keys.
AC-2 mandates management of accounts and associated privileges, including API keys, to restrict low-privileged users from escalating via unauthorized key creation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows low-privilege technicians to create API keys with excessive permissions, enabling exploitation for privilege escalation to the server admin role.
NVD Description
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Deeper analysis
CVE-2024-57726 is a critical vulnerability in SimpleHelp remote support software versions 5.5.7 and earlier. It enables low-privileged technicians to create API keys with excessive permissions, which can then be leveraged to escalate privileges to the server administrator role. The issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is linked to CWE-862 (Missing Authorization), with additional NVD-CWE-noinfo categorization.
Low-privileged technicians with network access to the affected SimpleHelp instance can exploit this vulnerability without user interaction and without high attack complexity. Exploitation allows creation of over-privileged API keys, resulting in full server admin access; because the vulnerable component's authorization failure affects the whole server (scope change), the impact on confidentiality, integrity, and availability is rated high.
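To make the CWE-862 pattern behind this CVE concrete, the following added example models the two controls the analysis recommends: AC-3 (only principals authorized to mint keys may do so) and AC-6 (a key can never carry more privilege than its creator). It is illustrative code written for this page, not SimpleHelp's code; the role names, scope strings and function names are constructed assumptions, and nothing here reflects the product's real API. The vulnerable function shows the defect class (requested scopes accepted at face value), the hardened one shows the checks that close it.

```python
"""Illustrative model of the authorization gap in CVE-2024-57726 (CWE-862).

Added example, not SimpleHelp's code. Roles, scopes and function names are
constructed for illustration only.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field

# Constructed privilege model: the set of scopes each role holds.
# Technicians legitimately hold "apikey:create" so they can automate their own
# work; the defect is in what scopes a created key is allowed to carry.
ROLE_SCOPES: dict[str, set[str]] = {
    "technician": {"session:create", "session:view", "apikey:create"},
    "server_admin": {
        "session:create", "session:view", "apikey:create",
        "technician:manage", "server:configure",
    },
}


@dataclass
class Principal:
    name: str
    role: str

    @property
    def scopes(self) -> set[str]:
        return set(ROLE_SCOPES[self.role])


@dataclass
class ApiKey:
    owner: str
    scopes: set[str]
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class AuthorizationError(PermissionError):
    pass


def create_api_key_missing_authz(creator: Principal, requested: set[str]) -> ApiKey:
    """Vulnerable pattern (CWE-862): the caller's requested scopes are copied
    onto the key unchecked, so a technician can mint an admin-scoped key."""
    return ApiKey(owner=creator.name, scopes=set(requested))


def create_api_key_enforced(creator: Principal, requested: set[str]) -> ApiKey:
    """Hardened pattern: enforce the authorization (AC-3) and cap the key's
    scopes at the creator's own privileges (AC-6)."""
    if "apikey:create" not in creator.scopes:
        raise AuthorizationError(f"{creator.name} is not authorized to create API keys")
    excess = set(requested) - creator.scopes
    if excess:
        raise AuthorizationError(
            f"requested scopes exceed creator's privileges: {sorted(excess)}"
        )
    return ApiKey(owner=creator.name, scopes=set(requested))


def key_grants_admin(key: ApiKey) -> bool:
    """True when the key holds every server_admin scope, i.e. a full escalation."""
    return ROLE_SCOPES["server_admin"] <= key.scopes


def demo() -> tuple[bool, bool]:
    """Returns (escalated_via_vulnerable_path, blocked_by_hardened_path)."""
    tech = Principal("tech-01", "technician")
    admin_scopes = ROLE_SCOPES["server_admin"]
    escalated = key_grants_admin(create_api_key_missing_authz(tech, admin_scopes))
    try:
        create_api_key_enforced(tech, admin_scopes)
        blocked = False
    except AuthorizationError:
        blocked = True
    return escalated, blocked


if __name__ == "__main__":
    print(demo())  # (True, True): vulnerable path escalates, hardened path refuses
```

The subset check is the essential fix: whatever the key-creation endpoint accepts from the client, the server computes the creator's effective privileges itself and rejects anything outside them. In a real deployment, every key creation (accepted or refused) should also be logged with the creator identity and requested scopes, since a refused request for admin scopes from a technician account is exactly the signal a detection rule for this vulnerability class would look for.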
Vendor and security advisories, including SimpleHelp's knowledge base article on vulnerabilities in v5.5.7 and earlier, Horizon3.ai's disclosure on critical flaws in the software, and its listing in the CISA Known Exploited Vulnerabilities Catalog, outline patches and mitigation steps for affected deployments.
This vulnerability has seen real-world exploitation, as evidenced by its inclusion in CISA's KEV catalog and references in reports on ransomware operations, such as Microsoft’s analysis of Storm-1175 targeting web-facing assets in Medusa ransomware campaigns and Trend Micro’s coverage of DragonForce ransomware activity.
Details
- CWE(s): CWE-862 (Missing Authorization)
- KEV Date Added: 24 April 2026