Ecosystem Agent Insufficient Transport Layer Security
CVE-2024-5445

3.8LOW

Key Information:

Vendor: N-able
Status: Ecosystem Agent
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-5445?

Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position.

Affected Version(s)

Ecosystem Agent <4.5.1.2597 < 4.5.1.2597

Ecosystem Agent < 5.1.4.2473 < 5.1.4.2473

References

https://me.n-able.com/s/article/How-to-check-Ecosystem-Ag...

https://me.n-able.com/s/security-advisory/aArVy0000000Bhp...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
May 28, 2024