In alignment with our commitment to transparency and trust, N-able published two CVEs for vulnerabilities within N-able N-central.
CVE-2024-28200 details how the N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.
CVE-2024-28200 was addressed in N-central 2023.9 HF1 and N-central 2024.3. It was discovered through internal N-central source code review, and N-able has not observed any exploitation in the wild.
CVE-2024-5322, addressed in N-central 2024.3, details how the N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.
CVE-2024-5322 was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
N-able is committed to maintaining the highest standards of trust and transparency. In line with this commitment, we are proactively releasing these CVEs for our product to ensure our customers are fully informed and can take necessary actions to secure their systems.