Lucene search

A5532a13-c4dd-4202-bef1-e0b8f2f8d12bCVE-2024-5322

HistoryJul 01, 2024 - 9:15 p.m.

CVE-2024-5322

2024-07-0121:15:04

CWE-288

a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

web.nvd.nist.gov

n-central

entra sso

session rebinding

authentication bypass

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.

This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "N-central",
    "vendor": "N-able",
    "versions": [
      {
        "status": "affected",
        "version": "<2024.3",
        "versionType": "custom"
      }
    ]
  }
]

References

documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.3%20Release%20Notes.htm

me.n-able.com/s/security-advisory/aArVy0000000BgDKAU/cve20245322-ncentral-authentication-bypass-via-session-rebinding

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-5322