Sploit.io - Search

Product: n-central, version: < 2024.3

CVE-2024-5322

Severity: CRITICAL

Description: The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.

CVSS Score: 9.1

Priority

B

CISA Data

EPSS Data

  • EPSS: 0.000430000
  • Percentile: 0.113610000
  • Date: 2025-01-18

ExploitDB

No data available.

HackerOne Data

  • Rank: 7457
  • Reports submitted count: 0
  • Unknown: 0
  • None: 0
  • Low: 0
  • Medium: 0
  • High: 0
  • Critical: 0

GitHub PoCs

    Nuclei Templates

    No data available.

    PacketStorm

    View PacketStorm Entry

    VulnCheck Data

    Affected Products:

    • N-able N-central - Versions: <2024.3

    References:

    Risk Assessment

    1. Risk Assessment
    The vulnerability identified as CVE-2024-5322 is a critical authentication bypass issue in the N-central server when using Entra SSO. It allows session rebinding of already authenticated users, potentially enabling unauthorized access to sensitive systems and data. The CVSS score of 9.1 (CRITICAL) underscores the severity of this vulnerability, with high impacts on confidentiality and integrity, though availability remains unaffected.

    The nature of this vulnerability makes it highly exploitable, as it requires no user interaction, no privileges, and can be executed over a network. Attackers can leverage this flaw to bypass authentication mechanisms, gaining unauthorized access to systems and potentially exfiltrating sensitive data or manipulating system configurations. The likelihood of exploitation is significant due to the low complexity of the attack and the widespread use of Entra SSO in N-central deployments.

    Business impacts include potential data breaches, regulatory non-compliance, reputational damage, and operational disruptions. Organizations relying on N-central for critical operations are particularly at risk, as attackers could gain control over managed systems and services.

    2. Potential Attack Scenarios
    An attacker could exploit this vulnerability by intercepting or manipulating session tokens during the authentication process. For example, an attacker could use a network-based attack to capture a valid session token from an authenticated user. By rebinding this token to their own session, the attacker could impersonate the legitimate user without needing to provide valid credentials.

    The attack process would involve the following steps:
    - The attacker monitors network traffic to identify active sessions.
    - The attacker captures a valid session token from an authenticated user.
    - The attacker rebinds the captured token to their own session, effectively bypassing authentication.
    - The attacker gains access to the N-central server with the privileges of the compromised user.

    Potential outcomes include unauthorized access to sensitive data, modification of system configurations, and lateral movement within the network to compromise additional systems. This could lead to a full-scale breach, with significant financial and operational consequences for the affected organization.

    3. Mitigation Recommendations
    The primary mitigation for this vulnerability is to upgrade N-central to version 2024.3 or higher, as this version includes a fix for the session rebinding issue. Organizations should prioritize this upgrade to eliminate the risk of exploitation.

    Immediate actions include:
    - Identifying all instances of N-central in the environment and verifying their version.
    - Scheduling and applying the upgrade to version 2024.3 or higher as soon as possible.
    - Monitoring network traffic for signs of unauthorized access or session hijacking attempts.

    Relevant resources for mitigation include the N-central 2024.3 release notes and the security advisory provided by N-able:
    https://documentation.n-able.com/N-central/Release_Notes/GA/Content/2024.3%20Release%20Notes.htm
    https://me.n-able.com/s/security-advisory/aArVy0000000BgDKAU/cve20245322-ncentral-authentication-bypass-via-session-rebinding

    4. Executive Summary
    CVE-2024-5322 is a critical vulnerability in the N-central server that allows attackers to bypass authentication by exploiting a session rebinding flaw in Entra SSO. This vulnerability poses a significant risk to organizations, as it can lead to unauthorized access, data breaches, and operational disruptions.

    The ease of exploitation and the high potential impact on confidentiality and integrity make this vulnerability a top priority for remediation. Organizations using N-central should immediately upgrade to version 2024.3 or higher to mitigate the risk. Failure to address this vulnerability could result in severe financial, regulatory, and reputational consequences.

    Taking prompt action to patch affected systems and monitor for signs of exploitation is essential to protect sensitive data and maintain business continuity. This vulnerability highlights the importance of staying current with software updates and proactively addressing security vulnerabilities to safeguard critical systems and infrastructure.