Lucene search

A5532a13-c4dd-4202-bef1-e0b8f2f8d12bNVD:CVE-2024-28200

HistoryJul 01, 2024 - 9:15 p.m.

CVE-2024-28200

2024-07-0121:15:03

CWE-288

CWE-287

a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

web.nvd.nist.gov

n-central

authentication bypass

vulnerability

user interface

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.

This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

Affected configurations

Nvd

Node

n-ablen-centralRange<2024.2

VendorProductVersionCPE
n-ablen-central*cpe:2.3:a:n-able:n-central:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
n-able	n-central	*	cpe:2.3:a:n-able:n-central::::::::

References

documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm

me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for NVD:CVE-2024-28200