N Central
CVE-2020-7984
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.
AnalysisAI
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-319. SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. Affected products include: Solarwinds N-Central. Version information: before 12.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity i
N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerabi
The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8)
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. Rated hig
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can l
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no aut
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low at
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code v
N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today