cbcvebase.
CVE-2024-28200
published 2024-07-01


Priority: P1 84
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploitation: ITW exploit, listed in VulnCheck KEV (exploited in the wild)
EPSS: 1.95% (77.7th percentile)
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

Affected

2 ranges

Vendor   Product     Version range   Fixed in
n-able   n-central   < 2024.2        2024.2
n-able   n-central   (not stated)    (not stated)

Detection & IOCs (extracted from sources)

url: /login
other: ncentralVersion:\s*"(202\d+\.\d+\.\d+\.\d+)"
  • Probe GET /login and match the HTML body for the string class="ncentral" to fingerprint an N-central login page; then extract the version from the ncentralVersion JavaScript field and flag instances running < 2024.2.
  • Use the Shodan dork 'http.title:"N-central Login"' to discover internet-exposed N-central instances for further version-based triage.
  • Extract the running N-central version from the JavaScript variable ncentralVersion in the login page response; versions prior to 2024.2 are vulnerable to authentication bypass (CVE-2024-28200).
  • The vulnerability affects ALL deployment configurations of N-central prior to 2024.2; no special preconditions (network position, authentication, or user interaction) are required for exploitation.
  • N-able states no in-the-wild exploitation has been observed as of the advisory date; however, the EPSS score of ~0.529 (97.9th percentile) indicates high community-assessed exploitation probability.
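The fingerprint and version check described in the bullets above, turned into a small inventory triage script. This is an added example, not code from cbcvebase or from N-able: it applies the page's ncentralVersion regex and the class="ncentral" marker to an HTTP response body you already have from a host in your own estate, and flags anything whose major.minor version is below the 2024.2 fix. The function names, the assess() result dictionary and the sample HTML bodies are assumptions constructed for this example; the HTML layout of a real N-central login page may differ.

```python
import re
from typing import Optional, Tuple

# Regex from the IOC list above: the login page embeds a JavaScript field
# ncentralVersion: "2024.x.x.x"; group 1 is the four-part version string.
VERSION_RE = re.compile(r'ncentralVersion:\s*"(202\d+\.\d+\.\d+\.\d+)"')

# First fixed release named in the advisory, as (major, minor).
FIXED_IN = (2024, 2)


def is_ncentral_login(html: str) -> bool:
    """Fingerprint: the advisory's marker string on the /login page."""
    return 'class="ncentral"' in html


def extract_version(html: str) -> Optional[str]:
    """Return the ncentralVersion string from a login-page body, or None."""
    match = VERSION_RE.search(html)
    return match.group(1) if match else None


def parse_version(version: str) -> Tuple[int, ...]:
    """'2023.6.0.24' -> (2023, 6, 0, 24) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def assess(html: str) -> dict:
    """Classify one response body: is it N-central, and is it pre-2024.2?

    'affected' is None when the page is not N-central or carries no version,
    so an unknown version is reported for manual follow-up, not silently
    treated as patched.
    """
    if not is_ncentral_login(html):
        return {"ncentral": False, "version": None, "affected": None}
    version = extract_version(html)
    if version is None:
        return {"ncentral": True, "version": None, "affected": None}
    affected = parse_version(version)[:2] < FIXED_IN
    return {"ncentral": True, "version": version, "affected": affected}


# Constructed sample bodies for a self-check (not real N-central output).
SAMPLE_OLD = ('<html><body class="ncentral"><script>'
              'var cfg = {ncentralVersion: "2023.6.0.24"};'
              '</script></body></html>')
SAMPLE_FIXED = ('<html><body class="ncentral"><script>'
                'var cfg = {ncentralVersion: "2024.2.0.10"};'
                '</script></body></html>')
SAMPLE_OTHER = '<html><body><h1>Some other product</h1></body></html>'

if __name__ == "__main__":
    for label, body in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED),
                        ("other", SAMPLE_OTHER)):
        print(label, assess(body))
```

Comparing only the (major, minor) prefix against FIXED_IN matches the advisory's granularity ("prior to 2024.2"); the build and patch components are kept in the returned version string so the full value lands in your asset inventory.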

CVSS provenance

NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 6.7 MEDIUM