N-central Server Vulnerable to Session Rebinding, Affecting All Entra-Supported Deployments
CVE-2024-5322

9.1CRITICAL

Key Information:

Vendor: N-able
Status: N-central
Vendor: CVE Published:; 1 July 2024

Summary

The N-central server by N-able is vulnerable to a session rebinding issue that targets authenticated users utilizing Entra Single Sign-On (SSO) functionality. This vulnerability poses a risk by potentially allowing unauthorized access through authentication bypass. It is crucial to note that this vulnerability affects all N-central deployments that are compatible with Entra and have not been updated to version 2024.3 or later. Organizations using older versions of N-central are encouraged to assess their exposure and take necessary actions to remediate this security concern promptly.

Affected Version(s)

N-central <2024.3

References

https://documentation.n-able.com/N-central/Release_Notes/...

https://me.n-able.com/s/security-advisory/aArVy0000000BgD...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2024
Vulnerability Reserved
May 24, 2024