Skip to main content

N Central CVE-2020-25617

HIGH
Path Traversal (CWE-22)
2020-12-16 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 16, 2020 - 14:15 nvd
HIGH 8.8

DescriptionNVD

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.

AnalysisAI

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root. Affected products include: Solarwinds N-Central.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2025-11700 HIGH POC
8.4 Nov 12

N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity i

CVE-2025-8876 CRITICAL
9.4 Aug 14

N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerabi

CVE-2024-28200 CRITICAL POC
9.8 Jul 01

The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8)

CVE-2020-15909 HIGH POC
8.8 Oct 19

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. Rated hig

CVE-2020-7984 HIGH POC
7.5 Jan 26

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain ad

CVE-2024-5322 CRITICAL
9.1 Jul 01

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can l

CVE-2020-25622 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25618 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25621 HIGH
8.4 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no aut

CVE-2020-25620 HIGH
7.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low at

CVE-2023-30297 HIGH
7.0 Aug 04

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code v

CVE-2024-8510 MEDIUM
5.3 Mar 17

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated

Share

CVE-2020-25617 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy