CVE-2024-36046
Published: 27 February 2025
Summary
CVE-2024-36046 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Infoblox NIOS. Its CVSS v3.1 base score is 9.8 (Critical).
Operationally, it ranks at the 48.8th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-6 (Least Privilege): directly enforces the principle of least privilege, mitigating the core issue of software executing with excessive privileges as described in CWE-269.
- CM-7 (Least Functionality): limits the system to essential functionality only, reducing the attack surface and the need for elevated privileges that would otherwise enable full system compromise.
- Enforces approved authorizations for access to system resources, helping to contain the impact of processes running with improper privileges.
NVD Description
Infoblox NIOS through 8.6.4 executes with more privileges than required.
Deeper analysis
CVE-2024-36046, published on 2025-02-27, is a critical vulnerability (CVSS v3.1 base score 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Infoblox NIOS through version 8.6.4 (that is, 8.6.4 and earlier). It is classified as CWE-269 (Improper Privilege Management): the software executes with more privileges than it requires. The NVD description does not identify which NIOS component runs over-privileged or how the excess privilege is reached, so the vector should be read as NVD's assessment of worst-case impact rather than as a description of a known exploit path.
Per the vector, a network-adjacent attacker needs no privileges (PR:N) and no user interaction (UI:N), and attack complexity is low (AC:L). Successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Scope is unchanged (S:U), so the impact is confined to the NIOS system itself; within that boundary, full compromise of the appliance is possible.
The Infoblox advisory at https://support.infoblox.com/s/article/000010390 is the authoritative source for affected releases and mitigation; check the NIOS version actually deployed against it rather than relying on the "through 8.6.4" range alone.
Details
- CWE(s)