CVE-2024-36047
Published: 27 February 2025
Description
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
Security Summary
CVE-2024-36047 is an Improper Input Validation vulnerability (CWE-20) in Infoblox NIOS versions through 8.6.4 and 9.x through 9.0.3. Published on 2025-02-27, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
The vulnerability can be exploited by any unauthenticated attacker with network access, with low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, allowing remote code execution or full system compromise.
The Infoblox advisory at https://support.infoblox.com/s/article/000010391 provides details on mitigation, including available patches for affected NIOS versions.
Details
- CWE(s)