FortiGuard Outbreak Alert: SimpleHelp Support Software Attack
| Description | FortiGuard Labs have observed exploitation attempts of CVE-2024-57727 in SimpleHelp. SimpleHelp is a remote support and access software that allows technicians to securely control and manage computers over the internet. CVE-2024-57727 is a path traversal vulnerability which allowed unauthenticated attackers to download arbitrary files from the SimpleHelp host via specially crafted HTTP requests. The following versions of SimpleHelp are vulnerable to CVE-2024-57727: |
| CVE ID | CVE-2024-57727 (https://nvd.nist.gov/vuln/detail/CVE-2024-57727) |
| NDR Cloud Detection Rule | FortiNDR Cloud v25.2.b+ |
| Playbook | N/A |
| Threat Hunting | FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “SimpleHelp Support Software Attack” related activities. IOC source: https://www.fortiguard.com/outbreak-ioc?tag=SimpleHelp%20Ransomware%20Attack All IOCs relating to "SimpleHelp Support Software Attack" have been added to Threat Intelligence Intel. |
| Suricata Coverage | Customers can create custom investigation/detections using the Suricata signatures below: 2059843 -> ET WEB_SPECIFIC_APPS SimpleHelp Support Server Unauthenticated Path Traversal (serverconfig.xml) (CVE-2024-57727) |
| Other Fortinet Products | For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to: https://www.fortiguard.com/outbreak-alert/simplehelp-ransomware-attack |
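
For hunting in web or proxy access logs alongside the Suricata signature above, the following is an added example (not Fortinet's or SimpleHelp's code) that flags path traversal requests and marks those that reference `serverconfig.xml`. The combined log format, the `/placeholder/` path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (combined log format); "/placeholder/" is not a real SimpleHelp path.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET /placeholder/../../serverconfig.xml HTTP/1.1" 200 5120',
    '203.0.113.11 - - [01/Jan/2025:10:00:05 +0000] "GET /placeholder/%2e%2e/%2e%2e/serverconfig.xml HTTP/1.1" 404 0',
    '203.0.113.12 - - [01/Jan/2025:10:00:09 +0000] "GET /placeholder/%252e%252e%252fother.txt HTTP/1.1" 200 88',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.8 - - [01/Jan/2025:10:01:30 +0000] "GET /files/report..final.pdf HTTP/1.1" 200 2048',
]

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# ".." counts only as a whole path segment, so "report..final.pdf" is not flagged.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(uri, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .), bounded by `rounds`."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(line):
    """Return a finding dict for a traversal request, or None for other lines."""
    m = REQUEST.search(line)
    if not m:
        return None
    decoded = fully_decode(m["uri"])
    if not TRAVERSAL.search(decoded):
        return None
    target = "serverconfig.xml" if "serverconfig.xml" in decoded.lower() else "other"
    status = int(m["status"])
    # A 200 on the config file means it may have been served: triage first.
    severity = "high" if target == "serverconfig.xml" and status == 200 else "medium"
    return {"src": line.split()[0], "uri": m["uri"], "status": status,
            "target": target, "severity": severity}

def scan(lines):
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
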
