VDB

CVE-2024-57727

CVE-2024-57727 PUBLISHED KEV

Today, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider. This advisory is in response to ransomware actors targeting customers of a utility billing software provider through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM). This incident is part of a broader trend of ransomware actors exploiting unpatched versions of SimpleHelp RMM since January 2025. SimpleHelp versions 5.5.7 and earlier contain multiple vulnerabilities, including CVE-2024-57727, a path traversal vulnerability. Ransomware actors likely exploited CVE-2024-57727 to access downstream customers’ unpatched SimpleHelp RMM, resulting in service disruptions and double extortion incidents. CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities Catalog on February 13, 2025. Organizations using SimpleHelp RMM should: Search for evidence of compromise, Apply the mitigations outlined in the advisory such as patching CVE-2024-57727 and/or implementing appropriate workarounds to prevent or respond to confirmed or potential compromises, and Follow CISA’s Known Exploited Vulnerabilities Catalog.

EPSS 94.05% · 99.9th percentile

Risk Scores

EPSS Score
94.05%
99.9th percentile

Timeline

  • Jan 15, 2025 CVE Published
  • Jan 15, 2025 PoC Published
  • Jan 15, 2025 PoC Published
  • Jan 15, 2025 PoC Published
  • Jan 16, 2025 EPSS Score
  • Jan 17, 2025 PoC Published
  • Jan 19, 2025 PoC Published
  • Jan 21, 2025 PoC Published
  • Jan 21, 2025 PoC Published
  • Jan 26, 2025 PoC Published
  • Jan 27, 2025 PoC Published
  • Jan 27, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›