CVE-2024-5445

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Aug 12, 2024
CWE ID 295

Summary

CVE-2024-5445 is a vulnerability affecting versions 4 < 4.5.1.2597 and 5 < 5.1.4.2473 of the N-able Ecosystem Agent. This issue lies in the agent's SSL/TLS certificate validation process, which is inadequate. As a result, a malicious actor can perform Man-in-the-Middle attacks by intercepting traffic between the agent and N-able servers from a privileged network position. Successful exploitation of this vulnerability could lead to data theft or unauthorized access to sensitive information. Users are advised to update their Ecosystem Agent to the latest versions to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share