Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Trending KB Articles


NIOS is vulnerable to CVE-2023-37249

August 2, 2023 • Knowledge


Overview and Impact:

Currently supported Infoblox NIOS versions through 8.5.2 have a faulty component that accepts malicious input without sanitization, resulting in shell access. The absence of proper validation on an input field allowed for the exploitation of a remote code execution (RCE) vulnerability. The malicious actor needs access to an authenticated feature in the NIOS UI to be able to execute the malicious input to gain access to the shell.

Affected Versions:

NIOS 8.5.2 and prior



The fix for this issue was included in 8.5.3 and later releases of NIOS. A hotfix identified as NIOS-93969 is available for NIOS 8.5.2 and is attached to this article. Additionally this issue was resolved in the hotfix for CVE-2023-2828.


The vulnerability was identified thanks to the efforts of Sean Morland of NCC Group.

Showing results for 
Search instead for 
Did you mean: