Nios
CVE-2023-37249
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.
AnalysisAI
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. Affected products include: Infoblox Nios. Version information: through 8.5.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. Rated critical severity (CVSS 9.8), thi
Infoblox NIOS through 8.6.4 executes with more privileges than required. Rated critical severity (CVSS 9.8), this vulner
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. Rated critical severity (CVSS 9.8), this vulnerabilit
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary w
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. Rated critical severity (CVSS 9.1), this vulnerabilit
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. [CVSS 8.8 HIGH]
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mech
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today