CVE-2024-37567

9.1 CRITICAL

📋 TL;DR

Infoblox NIOS through version 8.6.4 has improper access control for Grids, allowing unauthorized users to access or modify Grid configurations. This affects all Infoblox NIOS deployments running vulnerable versions, potentially compromising DNS, DHCP, and IPAM management.

💻 Affected Systems

Products:
  • Infoblox NIOS
Versions: through 8.6.4
Operating Systems: Infoblox appliances and virtual appliances
Default Config Vulnerable: ⚠️ Yes
Notes: All Grid configurations in vulnerable versions are affected. The vulnerability exists in the access control mechanism for Grid management.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Grid infrastructure allowing attackers to modify DNS records, redirect traffic, disrupt DHCP services, or gain persistent network access.

🟠 Likely Case

Unauthorized configuration changes leading to service disruption, data leakage, or privilege escalation within the Grid environment.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized Grid access attempts.

🌐 Internet-Facing: HIGH - Grid management interfaces may be exposed to internet-facing networks in some deployments.
🏢 Internal Only: HIGH - Even internally, improper access control allows lateral movement and privilege escalation within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to the Grid management interface, but the improper access control makes exploitation straightforward once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.6.5 and later

Vendor Advisory: https://support.infoblox.com/s/article/000010393

Restart Required: Yes

Instructions:

1. Back up the current Grid configuration.
2. Download and apply NIOS 8.6.5 or later from the Infoblox support portal.
3. Follow Infoblox upgrade procedures for your deployment type.
4. Restart Grid services as required by the upgrade process.

🔧 Temporary Workarounds

Restrict Grid Management Access (applies to: all)

Limit access to Grid management interfaces using network ACLs and firewall rules.

Implement Strict RBAC (applies to: all)

Apply the principle of least privilege and regularly audit user permissions.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Grid management interfaces
  • Enable comprehensive logging and monitoring for unauthorized Grid access attempts

🔍 How to Verify

Check if Vulnerable:

Check NIOS version via Grid Manager GUI or CLI: show version

Check Version:

show version

Verify Fix Applied:

Verify version is 8.6.5 or later and test access control functionality

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized Grid access attempts
  • Unexpected configuration changes
  • Failed authentication events followed by successful Grid operations

Network Indicators:

  • Unusual traffic to Grid management ports (typically 443, 22)
  • Connection attempts from unauthorized IP ranges

SIEM Query:

source="infoblox" AND (event_type="grid_access" OR event_type="config_change") AND user NOT IN [authorized_users]
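The version check from "How to Verify" and the two log indicators above (Grid operations by users outside the authorized set, and failed authentication followed by a successful Grid operation), as an added example that is not part of this advisory. The log lines are constructed key=value records and do not reproduce Infoblox's actual log format; `authorized_users` is assumed to be maintained by the defender.

```python
import re
from typing import Dict, List, Set

# Constructed sample log lines (not Infoblox's real format): key=value pairs.
SAMPLE_LOGS = [
    "t=1 user=alice event_type=auth result=success",
    "t=2 user=alice event_type=config_change result=success",
    "t=3 user=mallory event_type=auth result=failure",
    "t=4 user=mallory event_type=auth result=failure",
    "t=5 user=mallory event_type=grid_access result=success",
    "t=6 user=bob event_type=config_change result=success",
]
AUTHORIZED_USERS = {"alice"}          # assumed: the defender's allow-list
GRID_EVENTS = {"grid_access", "config_change"}
FIXED_VERSION = (8, 6, 5)             # first fixed release per the advisory


def is_vulnerable(version_output: str) -> bool:
    """True when the NIOS version found in `show version` output is below 8.6.5."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no x.y.z version found in output")
    return tuple(int(x) for x in m.groups()) < FIXED_VERSION


def parse(line: str) -> Dict[str, str]:
    """Split one constructed 'k=v k=v' record into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def flag_events(lines: List[str], authorized: Set[str]) -> List[str]:
    """Return one alert string per matched indicator, in log order."""
    alerts: List[str] = []
    failed_auth: Set[str] = set()  # users whose last auth attempt failed
    for line in lines:
        ev = parse(line)
        user, etype, result = ev["user"], ev["event_type"], ev["result"]
        if etype == "auth":
            # A failure arms the user; a later success disarms it.
            (failed_auth.add if result == "failure" else failed_auth.discard)(user)
            continue
        if etype in GRID_EVENTS and result == "success":
            if user not in authorized:
                alerts.append(f"t={ev['t']} unauthorized {etype} by {user}")
            if user in failed_auth:
                alerts.append(f"t={ev['t']} {etype} by {user} after failed auth")
                failed_auth.discard(user)
    return alerts
```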
