FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 396843
Description

FortiGuard Labs have observed exploitation attempts of CVE-2024-57727 in SimpleHelp.

 

SimpleHelp is a remote support and access software that allows technicians to securely control and manage computers over the internet.

 

CVE-2024-57727 is a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files from the SimpleHelp host via specially crafted HTTP requests.

 

The following versions of SimpleHelp are vulnerable to CVE-2024-57727:

  • Version < 5.5.8

CVE ID

CVE-2024-57727 (https://nvd.nist.gov/vuln/detail/CVE-2024-57727)

NDR Cloud Detection Rule

FortiNDR Cloud v25.2.b+

Detection Rule Name: FortiGuard Outbreak Alert: SimpleHelp Remote Support Path Traversal - CVE-2024-57727

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook

N/A

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “SimpleHelp Support Software Attack” related activities.

IOC source: https://www.fortiguard.com/outbreak-ioc?tag=SimpleHelp%20Ransomware%20Attack

All IOCs relating to "SimpleHelp Support Software Attack" have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigations/detections using the Suricata signature below:

2059843 -> ET WEB_SPECIFIC_APPS SimpleHelp Support Server Unauthenticated Path Traversal (serverconfig.xml) (CVE-2024-57727)
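
Where only web or reverse-proxy access logs are available, a comparable hunt can be run offline. The following is an added example, not Fortinet's rule logic or the ET signature's content: it assumes combined-format access logs, and the sample lines, paths, severity labels and function names are constructed for illustration. The only page-derived detail is the serverconfig.xml file name from the signature title.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in "combined" access-log style; addresses, dates
# and paths are invented for illustration, not taken from real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Jun/2025:10:01:05 +0000] "GET /files/../../config/serverconfig.xml HTTP/1.1" 200 4096
203.0.113.9 - - [10/Jun/2025:10:01:09 +0000] "GET /files/%2e%2e%2fserverconfig.xml HTTP/1.1" 404 0
198.51.100.4 - - [10/Jun/2025:10:02:00 +0000] "GET /files/%252e%252e/%252e%252e/notes.txt HTTP/1.1" 403 0
198.51.100.5 - - [10/Jun/2025:10:02:30 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '..' is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_traversal(path):
    """True when any path segment is exactly '..' (either slash style)."""
    return ".." in re.split(r"[/\\]", path)

def hunt(log_text):
    """Return (client, decoded_path, status, severity) per traversal request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path = fully_decode(target.split("?", 1)[0])  # drop query, then decode
        if not has_traversal(path):
            continue
        # Heuristic: a 200 for serverconfig.xml suggests the file was served.
        if "serverconfig.xml" in path.lower():
            severity = "high" if status == "200" else "medium"
        else:
            severity = "low"
        hits.append((client, path, int(status), severity))
    return hits

if __name__ == "__main__":
    print(*hunt(SAMPLE_LOG), sep="\n")
```

A front-end proxy that normalizes paths before logging will hide the ".." segments, so run this against the rawest request log available.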

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to:
https://www.fortiguard.com/outbreak-alert/simplehelp-ransomware-attack