CVE-2024-5445

3.8 LOW

Published: August 12, 2024 Modified: April 15, 2026

Description

Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://me.n-able.com/s/article/How-to-check-Ecosystem-Agent-Version-in-N-sight

Source: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

https://me.n-able.com/s/article/How-to-check-Ecosystem-Agent-version-in-N-central

Source: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

https://me.n-able.com/s/security-advisory/aArVy0000000BhpKAE/cve20245445-ecosystem-agent-insufficient-transport-layer-security

Source: a5532a13-c4dd-4202-bef1-e0b8f2f8d12b

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

3.8 / 10.0

EPSS (Exploit Probability)

0.1%

29th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-295

Related CVEs

CVE-2026-40962 4.9

CVE-2026-40505 3.3

CVE-2026-40504 9.8

CVE-2026-3299 6.4

CVE-2026-40960 8.1