N Central
CVE-2024-5322
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from Vendor (a5532a13-c4dd-4202-bef1-e0b8f2f8d12b) · only source for this CVE.
CVSS VectorVendor: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.
This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.
AnalysisAI
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-288. The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3. Affected products include: N-Able N-Central. Version information: prior to 2024.3..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity i
N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerabi
The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8)
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. Rated hig
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain ad
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no aut
An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low at
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code v
N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today