CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47132
https://notcve.org/view.php?id=CVE-2023-47132
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. Un problema descubierto en N-able N-central antes de 2023.6 y anteriores permite a los atacantes obtener privilegios elevados a través de llamadas API. • https://me.n-able.com/s/security-advisory/aArHs000000M8CHKA0/cve202347132-ncentral-api-privilege-escalation • CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30297
https://notcve.org/view.php?id=CVE-2023-30297
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. Un problema encontrado en N-central Server de N-able Technologies para versiones anteriores a 2023.4 permite a un atacante local ejecutar código arbitrario a través de la función de monitorización del servidor. • https://status.n-able.com/2023/07/27/cve-2023-30297-release-note https://www.n-able.com •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15910
https://notcve.org/view.php?id=CVE-2020-15910
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker. SolarWinds N-Central versiones hasta 12.3 GA y anteriores, no establece el atributo JSESSIONID en HTTPOnly. • https://limenetworks.nl/wp-content/uploads/CVE-934261-v-1.2.pdf https://www.solarwindsmsp.com/products/n-central • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15909
https://notcve.org/view.php?id=CVE-2020-15909
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers’ workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. • https://limenetworks.nl/wp-content/uploads/CVE-934261-v-1.2.pdf https://www.solarwindsmsp.com/products/n-central • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-7984
https://notcve.org/view.php?id=CVE-2020-7984
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. SolarWinds N-central versiones anteriores a 12.1 SP1 HF5 y versiones 12.2 anteriores a SP1 HF2, permite a atacantes remotos recuperar credenciales de administrador de dominio de texto sin cifrar de la configuración de Agent & Probe, y obtener otra información confidencial. El atacante puede utilizar un ID de cliente para registrarse a si mismo y leer cualquier aspecto de la configuración de agent/appliance. • https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5 https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5 https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2 https://github.com/flipflopfpv https://packetstormsecurity.com/files/156033 https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central http • CWE-319: Cleartext Transmission of Sensitive Information •