CVE-2024-37567

CVE-2024-37567 is an improper access control vulnerability (CWE-284) in Infoblox NIOS versions through 8.6.4, specifically affecting Grid functionality. Published on 2025-02-27, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high impacts on confidentiality and integrity with no availability disruption.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation grants high-level access that compromises confidentiality by exposing sensitive data and integrity by allowing unauthorized modifications, potentially enabling full control over affected Grid components.

Infoblox has published a support advisory detailing mitigation steps at https://support.infoblox.com/s/article/000010393. Security practitioners should consult this reference for patch availability and recommended workarounds applicable to NIOS through 8.6.4.