N-central Server Vulnerable to Authentication Bypass
CVE-2024-28200
9.8CRITICAL
Key Information:
- Vendor
- N-able
- Status
- N-central
- Vendor
- CVE Published:
- 1 July 2024
Summary
The N-central server developed by N-able has been identified as vulnerable to an authentication bypass within its user interface. This security flaw exists in all versions prior to the 2024.2 update, allowing unauthorized access to critical functionalities of the server. The vulnerability was unveiled during a thorough internal review of the N-central source code, although there have been no reported incidents of exploitation in real-world scenarios. Users of the affected versions are advised to update to the latest release to mitigate potential security risks.
Affected Version(s)
N-central <2024.2
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved