Skip to main content

N Central CVE-2020-25619

MEDIUM
2020-12-16 cve@mitre.org
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 16, 2020 - 14:15 nvd
MEDIUM 4.4

DescriptionNVD

An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication.

AnalysisAI

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication. Affected products include: Solarwinds N-Central.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-11700 HIGH POC
8.4 Nov 12

N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity i

CVE-2025-8876 CRITICAL
9.4 Aug 14

N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerabi

CVE-2024-28200 CRITICAL POC
9.8 Jul 01

The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8)

CVE-2020-15909 HIGH POC
8.8 Oct 19

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. Rated hig

CVE-2020-7984 HIGH POC
7.5 Jan 26

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain ad

CVE-2024-5322 CRITICAL
9.1 Jul 01

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can l

CVE-2020-25622 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25618 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25617 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25621 HIGH
8.4 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no aut

CVE-2020-25620 HIGH
7.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low at

CVE-2023-30297 HIGH
7.0 Aug 04

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code v

Share

CVE-2020-25619 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy