Lucene search

A5532a13-c4dd-4202-bef1-e0b8f2f8d12bNVD:CVE-2024-28200

HistoryJul 01, 2024 - 9:15 p.m.

CVE-2024-28200

2024-07-0121:15:03

CWE-288

a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

web.nvd.nist.gov

n-central

authentication bypass

vulnerability

user interface

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.

This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

References

documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm

me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-28200