N-Able: Security Vulnerabilities
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2.
This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-07-01
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-08
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-02-08
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
CVSS Score
7.0
EPSS Score
0.007
Published
2023-09-11
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-08-04