CVE-2024-28200— N-central Authentication Bypass

CVSS 9.1 · Critical EPSS 53.39% · P98 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-28200

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N-central Authentication Bypass

Source: NVD (National Vulnerability Database)

Vulnerability Description

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用候选路径或通道进行的认证绕过

Source: NVD (National Vulnerability Database)

Vulnerability Title

N‑able N-Central 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

N‑able N-Central是N‑able公司的一个功能强大、可定制的远程监控和管理平台。 N‑able N-Central 2024.2 版本之前存在安全漏洞，该漏洞源于用户界面身份验证可以被绕过。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
N-able	N-central	<2024.2	-

II. Public POCs for CVE-2024-28200

#	POC Description	Source Link	Shenlong Link
1	N-central server versions prior to 2024.2 contain an authentication bypass in the user interface, letting attackers access restricted areas without proper credentials, exploit requires no specific conditions.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-28200.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-28200

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: N-central

Same vendor: N-able

Same weakness: CWE-288

V. Comments for CVE-2024-28200

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-28200— N-central Authentication Bypass

I. Basic Information for CVE-2024-28200

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2024-28200

III. Intelligence Information for CVE-2024-28200

IV. Related Vulnerabilities

V. Comments for CVE-2024-28200

Leave a comment