The following vulnerability was addressed in N-central 2023.4 (released on June 22, 2023):
CVE-2023-30297 could allow for the N-central agent to be vulnerable to a Man in the Middle (MITM) attack due to the certificate errors not being recognized by the N-central agent when connecting to the N-central server.
To get information on upgrading, please see these links:
- N-central 2023.4: https://status.n-able.com/2023/06/22/announcing-the-ga-of-n-central-2023-4/
- N-central 2022.7 HF 1: https://status.n-able.com/2023/07/25/announcing-the-ga-of-n-central-2022-7-hf1/
The N-central agent may be vulnerable to a Man in the Middle (MITM) attack due to the certificate errors not being recognized by the N-central agent when connecting to the N-central server.
The CVSS, as scored by the N-able Security Team, is 8.1(High). N-able is recommending all N-central customers update the N-central server and all N-central agents to 2023.4.
We want to thank Comitor for their assistance in reporting the issue in a responsible manner and helping N-able test the fix for this issue.