CVE-2024-28200

high-risk
Published 2024-07-01

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

Do I need to act?

!
52.9% chance of exploitation in next 30 days
EPSS score — higher than 47% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

N-Able

References (4)

Vendor Advisory https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Rel...
Release Notes https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentr...
Vendor Advisory https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Rel...
Release Notes https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentr...
54
/ 100
high-risk
Severity 31/34 · Critical
Exploitability 18/34 · Moderate
Exposure 5/34 · Minimal