Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

General Security & Cybersecurity Ecosystem

Reply

NIOS XML Vulnerability

[ Edited ]
Sean_Tierney
New Member
Posts: 12

‎05-11-2021 03:07 PM - edited ‎05-11-2021 05:08 PM

7262     1

Overview

A vulnerability in Infoblox NIOS may allow for an XML Bomb attack. The configuration for SAML authentication service for the application can be imported by a privileged user from an XML file without validation, potentially resulting in a Denial of Service (DOS).

 

Description
The Infoblox NIOS application allows users to import authentication service configurations by parsing an XML file, without prior validation of the file’s content. This may be exploited by a malicious user by uploading an XML file with calls to recursive entities. The server will be delayed while parsing the content of the XML file, resulting in a DOS.

 

CVE: CVE-2020-15303

CVSSv3 Score: 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

 

Affected NIOS Versions:

Affects NIOS versions which support SAML authentication. Specifically:

NIOS 8.4.0 through NIOS 8.4.8

NIOS 8.5.0,  NIOS 8.5.1

 

Workaround
None

 

Resolution:

Infoblox addresses the CVE: CVE-2020-15303 vulnerability in NIOS 8.5.2. 

 

To eliminate the possibility of exploiting the above vulnerability, Infoblox strongly recommends  upgrading to NIOS 8.5.2 or above.

Labels:
Reply
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community