Skip to main content

N Central CVE-2020-25618

HIGH
OS Command Injection (CWE-78)
2020-12-16 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 16, 2020 - 14:15 nvd
HIGH 8.8

DescriptionNVD

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).

AnalysisAI

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file). Affected products include: Solarwinds N-Central.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2025-11700 HIGH POC
8.4 Nov 12

N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity i

CVE-2025-8876 CRITICAL
9.4 Aug 14

N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerabi

CVE-2024-28200 CRITICAL POC
9.8 Jul 01

The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8)

CVE-2020-15909 HIGH POC
8.8 Oct 19

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. Rated hig

CVE-2020-7984 HIGH POC
7.5 Jan 26

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain ad

CVE-2024-5322 CRITICAL
9.1 Jul 01

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can l

CVE-2020-25622 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25617 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25621 HIGH
8.4 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no aut

CVE-2020-25620 HIGH
7.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low at

CVE-2023-30297 HIGH
7.0 Aug 04

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code v

CVE-2024-8510 MEDIUM
5.3 Mar 17

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated

Share

CVE-2020-25618 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy