OpenCVE

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
N-able	N-central

Configuration 1 [-]

cpe:2.3:a:n-able:n-central:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm
https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass

History

Thu, 22 Aug 2024 14:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-287
CPEs		cpe:2.3:a:n-able:n-central::::::::

MITRE

Status: PUBLISHED

Assigner: N-able

Published: 2024-07-01T20:49:38.092Z

Updated: 2024-08-02T00:48:49.431Z

Reserved: 2024-03-06T21:04:58.306Z

Link: CVE-2024-28200

Vulnrichment

Updated: 2024-07-02T15:29:31.364Z

NVD

Status : Modified

Published: 2024-07-01T21:15:03.143

Modified: 2024-11-21T09:06:00.940

Link: CVE-2024-28200

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28200", "assignerOrgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "state": "PUBLISHED", "assignerShortName": "N-able", "dateReserved": "2024-03-06T21:04:58.306Z", "datePublished": "2024-07-01T20:49:38.092Z", "dateUpdated": "2024-08-02T00:48:49.431Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "N-central", "vendor": "N-able", "versions": [{"status": "affected", "version": "<2024.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.<br><br>This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.</span><br><p></p>"}], "value": "The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.\n\nThis vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "shortName": "N-able", "dateUpdated": "2024-07-01T20:49:38.092Z"}, "references": [{"url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm"}, {"url": "https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to N-central version 2024.2 or higher<br>"}], "value": "Upgrade to N-central version 2024.2 or higher"}], "source": {"discovery": "UNKNOWN"}, "title": "N-central Authentication Bypass", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "n-able", "product": "n-central", "cpes": ["cpe:2.3:a:n-able:n-central:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2024.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T15:26:44.028676Z", "id": "CVE-2024-28200", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T15:29:43.735Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.431Z"}, "title": "CVE Program Container", "references": [{"url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm", "tags": ["x_transferred"]}, {"url": "https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28200", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-02T15:26:44.028676Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:n-able:n-central:-:*:*:*:*:*:*:*"], "vendor": "n-able", "product": "n-central", "versions": [{"status": "affected", "version": "0", "lessThan": "2024.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T15:29:31.364Z"}}], "cna": {"title": "N-central Authentication Bypass", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "N-able", "product": "N-central", "versions": [{"status": "affected", "version": "<2024.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to N-central version 2024.2 or higher", "supportingMedia": [{"type": "text/html", "value": "Upgrade to N-central version 2024.2 or higher<br>", "base64": false}]}], "references": [{"url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm"}, {"url": "https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.\n\nThis vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.<br><br>This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.</span><br><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "shortName": "N-able", "dateUpdated": "2024-07-01T20:49:38.092Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28200", "state": "PUBLISHED", "dateUpdated": "2024-07-02T15:29:43.735Z", "dateReserved": "2024-03-06T21:04:58.306Z", "assignerOrgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "datePublished": "2024-07-01T20:49:38.092Z", "assignerShortName": "N-able"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:n-able:n-central:*:*:*:*:*:*:*:*", "matchCriteriaId": "99868AED-F82D-4C33-990C-B749973BD9C0", "versionEndExcluding": "2024.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.\n\nThis vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild."}, {"lang": "es", "value": "El servidor N-central es vulnerable a una omisi\u00f3n de autenticaci\u00f3n de la interfaz de usuario. Esta vulnerabilidad est\u00e1 presente en todas las implementaciones de N-central anteriores a 2024.2. Esta vulnerabilidad se descubri\u00f3 a trav\u00e9s de una revisi\u00f3n interna del c\u00f3digo fuente de N-central y N-able no ha observado ninguna explotaci\u00f3n en la naturaleza."}], "id": "CVE-2024-28200", "lastModified": "2024-11-21T09:06:00.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-01T21:15:03.143", "references": [{"source": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "tags": ["Vendor Advisory"], "url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm"}, {"source": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "tags": ["Release Notes"], "url": "https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass"}], "sourceIdentifier": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}