CVE-2022-32972: Infoblox BloxOne Endpoint for Windows local privilege escalation

January 19, 2023

 

Question/Summary:

CVE-2022-32972: Infoblox BloxOne Endpoint for Windows local privilege escalation.

 

Customer Environment:

Customers who are running BloxOne Endpoint on their host devices.

 

Overview and Impact: 

A vulnerability was found in the executable run by the Infoblox BloxOne Endpoint agent, enabling a low-privileged attacker to execute any program as the highly-privileged system user. Versions 2.3.2 and below are vulnerable to a dynamic-link library (DLL) injection attack that can result in local privilege escalation.

 

CVSS: 6.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/MAC:H)

 

Affected Versions:

BloxOne Endpoint for Windows versions 2.3.2 and below are affected by a security vulnerability that may lead to a local privilege escalation.

 

Resolution:

BloxOne Endpoint Version 2.3.3 and later fix the vulnerability. A new BloxOne Endpoint Version 2.3.6 will also be released that fixes the vulnerability along with a few minor issues.

 

Note: If the BloxOne Endpoint group is configured with Scheduling/Defer updates, make sure that it is configured properly so that the BloxOne Endpoint version that fixes the vulnerability is pushed to the agent as soon as possible. For details, refer to the document "Scheduling Endpoint Group Updates":

 

https://docs.infoblox.com/space/BloxOneThreatDefense/35374562/Scheduling+Endpoint+Group+Updates
