CVE-2024-5322
Published: 2024-07-01
Priority: P3 54 | critical 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.41% (32.7th percentile)
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass.
This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n-able | n-central | < 2024.3 | 2024.3 |
| n-able | n-central | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.3%20Release%20Notes.htm
https://me.n-able.com/s/security-advisory/aArVy0000000BgDKAU/cve20245322-ncentral-authentication-bypass-via-session-rebinding