CVE-2024-28200
Published 2024-07-01
Priority P184 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 1.95% (77.7th percentile)
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.
This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n-able | n-central | < 2024.2 | 2024.2 |
| n-able | n-central | — | — |
Detection & IOCs (extracted from sources)
- url: /login
- other: ncentralVersion:\s*"(202\d+\.\d+\.\d+\.\d+)"
- Probe GET /login and match the HTML body for the string class="ncentral" to fingerprint an N-central login page; then extract the version from the ncentralVersion JavaScript field and flag instances running < 2024.2.
- Use the Shodan dork 'http.title:"N-central Login"' to discover internet-exposed N-central instances for further version-based triage.
- Extract the running N-central version from the JavaScript variable ncentralVersion in the login page response; versions prior to 2024.2 are vulnerable to authentication bypass (CVE-2024-28200).
- The vulnerability affects ALL deployment configurations of N-central prior to 2024.2; no special preconditions (network position, authentication, or user interaction) are required for exploitation.
- N-able states no in-the-wild exploitation has been observed as of the advisory date; however, the EPSS score of ~0.529 (97.9th percentile) indicates high community-assessed exploitation probability.
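The version-triage steps above (fingerprint the login page, pull ncentralVersion, compare against the 2024.2 fix line) are easy to get wrong if versions are compared as strings, since "2024.10" sorts before "2024.2" lexically. The following Python is an added example, not code from the page's sources or from N-able: it applies the page's fingerprint string and regex to a captured login-page body and classifies the build numerically. The sample HTML bodies and version strings are constructed for the example, not real captures.

```python
import re
from typing import Optional, Tuple

# Fingerprint and version regex as given in the Detection & IOCs section above.
LOGIN_FINGERPRINT = 'class="ncentral"'
VERSION_RE = re.compile(r'ncentralVersion:\s*"(202\d+\.\d+\.\d+\.\d+)"')

# First fixed release per the advisory: 2024.2 (compare on the release line only).
FIXED_IN: Tuple[int, ...] = (2024, 2)


def is_ncentral_login(body: str) -> bool:
    """True if the response body carries the N-central login-page fingerprint."""
    return LOGIN_FINGERPRINT in body


def extract_version(body: str) -> Optional[str]:
    """Pull the ncentralVersion string out of the login page, or None if absent."""
    m = VERSION_RE.search(body)
    return m.group(1) if m else None


def parse_version(version: str) -> Tuple[int, ...]:
    """'2024.1.0.12' -> (2024, 1, 0, 12); integer tuples compare component-wise."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(version: str) -> bool:
    """True for any build older than the first fixed release line (2024.2)."""
    # Only the leading components define the release line, so 2024.2.0.0 and
    # 2024.2.1.5 both count as fixed, while 2024.1.x and 2023.x do not.
    return parse_version(version)[: len(FIXED_IN)] < FIXED_IN


def triage(body: str) -> dict:
    """Classify one captured login-page body for CVE-2024-28200 exposure.

    'vulnerable' is None when the page is not N-central or carries no version,
    so an unknown build is never silently reported as patched.
    """
    if not is_ncentral_login(body):
        return {"ncentral": False, "version": None, "vulnerable": None}
    version = extract_version(body)
    if version is None:
        return {"ncentral": True, "version": None, "vulnerable": None}
    return {"ncentral": True, "version": version, "vulnerable": is_vulnerable(version)}


# Constructed sample bodies with hypothetical version strings (not real captures).
OLD_BUILD = ('<html><body class="ncentral"><script>var cfg = '
             '{ncentralVersion: "2024.1.0.12"};</script></body></html>')
FIXED_BUILD = ('<html><body class="ncentral"><script>var cfg = '
               '{ncentralVersion: "2024.2.0.5"};</script></body></html>')
OTHER_PAGE = '<html><body><h1>Welcome</h1></body></html>'

if __name__ == "__main__":
    for label, body in (("old", OLD_BUILD), ("fixed", FIXED_BUILD), ("other", OTHER_PAGE)):
        print(label, triage(body))
```

Feed `triage()` the body of each login page from your own inventory; a result with `"vulnerable": None` on a confirmed N-central host means the version field was not found and the build should be checked by hand rather than assumed fixed.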
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vulncheck · 6.7 MEDIUM
GHSA
GHSA-2wm2-45c2-f92h: The N-central server is vulnerable to an authentication bypass of the user interface
ghsa · unreviewed · 2024-07-01 · CVE-2024-28200 [CRITICAL] · CWE-287
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.
This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
VulnCheck
N-able N-Central Authentication Bypass Using an Alternate Path or Channel
vulncheck · 2024 · CVSS 6.7 · CVE-2024-28200 [MEDIUM]
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.
This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
Affected: N-able N-Central
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234
No detection rules found.
Nuclei
N-able N-central < 2024.2 - Authentication Bypass Detection
nuclei · CVSS 9.8 · CVE-2024-28200 [CRITICAL]
N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials; exploitation requires no specific conditions.
Template:

```yaml
id: CVE-2024-28200

info:
  name: N-able N-central < 2024.2 - Authentication Bypass Detection
  author: rxerium
  severity: critical
  description: |
    N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions.
  impact: |
    Attackers can access sensitive user interface features, potentially leading to unauthorized data access or control.
  remediation: |
    Update to version 2024.2 o
```
No writeups or analysis indexed.
References
- https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.2%20Release%20Notes.htm
- https://me.n-able.com/s/security-advisory/aArVy0000000673KAA/cve202428200-ncentral-authentication-bypass