MidnightBSD

Advisories for n-able

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
n-able take_control *
CVE-2023-30297

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.

Products Affected

Vendor Product Version
n-able n-central *
CVE-2023-37244

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@google.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
n-able automation_manager *
CVE-2023-47131

The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.

Products Affected

Vendor Product Version
n-able passportal *
CVE-2023-47132

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

Products Affected

Vendor Product Version
n-able n-central *
CVE-2024-28200

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
a5532a13-c4dd-4202-bef1-e0b8f2f8d12b 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
n-able n-central *
CVE-2024-5322

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
a5532a13-c4dd-4202-bef1-e0b8f2f8d12b 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
n-able n-central *
CVE-2024-8510

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
a5532a13-c4dd-4202-bef1-e0b8f2f8d12b 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
n-able n-central *
CVE-2025-10231

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
a5532a13-c4dd-4202-bef1-e0b8f2f8d12b 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
n-able n-central *
CVE-2025-11366

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

Products Affected

Vendor Product Version
n-able n-central *
CVE-2025-11367

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

Products Affected

Vendor Product Version
n-able n-central *
CVE-2025-11700

N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure

Products Affected

Vendor Product Version
n-able n-central *
CVE-2025-7051

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
a5532a13-c4dd-4202-bef1-e0b8f2f8d12b 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
n-able n-central *
CVE-2025-8875

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
n-able n-central *
CVE-2025-8876

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
n-able n-central *