Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Ecosystem Agent
- 4.0 - 4.5.1.2597
- 5.0 - 5.1.4.2473
Source
a5532a13-c4dd-4202-bef1-e0b8f2f8d12b
Tags
CVE-2024-5445 details
Published : Aug. 12, 2024, 1:38 p.m.
Last Modified : Aug. 12, 2024, 1:41 p.m.
Last Modified : Aug. 12, 2024, 1:41 p.m.
Description
Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position.
CVSS Score
| 1 | 2 | 3.8 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-295 | Improper Certificate Validation | The product does not validate, or incorrectly validates, a certificate. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
3.8
Exploitability Score
1.2
Impact Score
2.5
Base Severity
LOW
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
References
| URL | Source |
|---|---|
| https://me.n-able.com/s/article/How-to-check-Ecosystem-Agent-Version-in-N-sight | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b |
| https://me.n-able.com/s/article/How-to-check-Ecosystem-Agent-version-in-N-central | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b |
| https://me.n-able.com/s/security-advisory/aArVy0000000BhpKAE/cve20245445-ecosystem-agent-insufficient-transport-layer-security | a5532a13-c4dd-4202-bef1-e0b8f2f8d12b |
This website uses the NVD API, but is not approved or certified by it.