Infoblox BLOXONE, NIOS and NETMRI products are not vulnerable to CVE-2022-1183
May 18, 2022•Knowledge
Are BLOXONE, NIOS and NETMRI products vulnerable to CVE-2022-1183?
Infoblox products BLOXONE, NIOS and NETMRI are not vulnerable to CVE-2022-1183 .
An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.
On May 18th, 2022 ISC announced a new vulnerability, CVE-2022-1183.
On BIND servers using DNS over HTTPs (DoH), an assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.
Program impacted: BIND
CVSS Score: 7.0
CVSS Vector: CVSS v3.1 Vector:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL/RC:C
Infoblox BLOXONE, NIOS and NETMRI products are not impacted by this CVE. Infoblox products do not use the BIND implementation for DoT/DoH.
This CVE only affects BIND servers that are using DNS over HTTPS. On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to `http` within the `listen-on` statements in their `named.conf`. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected.
No workaround is needed for Infoblox BLOXONE, NIOS and NETMRI products.
No action is required for BLOXONE, NIOS or NETMRI products.