THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

Trending KB Articles

feb-20.jpg

NIOS is vulnerable to CVE-2023-37249

monikaschulze
Authority
Posts: 16
monikaschulze

NIOS is vulnerable to CVE-2023-37249

Authority ‎08-24-2023 10:10 AM

August 2, 2023 • Knowledge

 

Overview and Impact:

Currently supported Infoblox NIOS versions through 8.5.2 have a faulty component that accepts malicious input without sanitization, resulting in shell access. The absence of proper validation on an input field allowed for the exploitation of a remote code execution (RCE) vulnerability. The malicious actor needs access to an authenticated feature in the NIOS UI to be able to execute the malicious input to gain access to the shell.
 

Affected Versions:

NIOS 8.5.2 and prior

 

Resolution:

The fix for this issue was included in 8.5.3 and later releases of NIOS. A hotfix identified as NIOS-93969 is available for NIOS 8.5.2 and is attached to this article. Additionally this issue was resolved in the hotfix for CVE-2023-2828.

 

The vulnerability was identified thanks to the efforts of Sean Morland of NCC Group.

Labels:
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended Discussions

Re: NIOS DDI DHCP migration

Re: Option 121, how to?

Re: RegreSSHion vulnerability (CVE-2024-6387)

Re: Is NIOS affected by these four new ISC BIND CVEs?

Is NIOS affected by these four new ISC BIND CVEs?