Cyber Posture

CVE-2024-36046

Critical

Published: 27 February 2025

Modified: 10 April 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (48.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Infoblox NIOS through 8.6.4 executes with more privileges than required.

Security Summary

CVE-2024-36046, published on 2025-02-27, is a critical vulnerability (CVSS score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Infoblox NIOS through version 8.6.4. It stems from CWE-269 (Improper Privilege Management): the software executes with more privileges than required.

A remote network attacker needs no privileges and no user interaction, and attack complexity is low. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially allowing full system compromise.

The Infoblox advisory at https://support.infoblox.com/s/article/000010390 provides details on mitigation.

Details

CWE(s)
CWE-269

Affected Products

Vendor: infoblox
Product: nios
Versions: 8.6.0 to 8.6.4

References