On March 25, 2021, our partner, Omega Systems, reported that an unquoted service path vulnerability existed within our Windows Ecosystem Agent services for N-able™ RMM and N-central®. This vulnerability may allow a malicious actor to execute their own malicious payloads by hijacking vulnerable file path references. We immediately implemented a hotfix to the Ecosystem Agent, beginning with version number 126.96.36.1998, which automatically updates the agents to the latest version. The Ecosystem Agent checks hourly for new versions and, once detected, will automatically update; no end user action is required for the update to occur.
N-central customers with agents running 2021.1 or higher will have the ecosystem agent automatically installed and could be impacted by this.
RMM Customers who have enabled EDR could be impacted by this.
Please contact support (https://success.n-able.com/) if you have any questions.