CVE-2024-36047
Published: 27 February 2025
Summary
CVE-2024-36047 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Infoblox NIOS. Its CVSS base score is 9.8 (Critical).
Its exploit likelihood ranks at the 47.3rd percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 requires validation of information inputs, which is the control that addresses the CWE-20 root cause of this CVE. Note that the missing validation lives in Infoblox's code, not in operator configuration, so for a deployed appliance SI-10 is satisfied by applying the vendor fix rather than by any local setting.
SI-2 requires timely remediation of flaws, directly mitigating this CVE through application of available Infoblox patches to prevent exploitation.
RA-5 ensures regular vulnerability scanning to identify and prioritize input validation flaws like CVE-2024-36047 for remediation.
NVD Description
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
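The NVD text above gives only version ranges, so the first triage step is mapping an inventory of NIOS builds onto them. The following is an added example, not Infoblox or NVD code: it parses NIOS version strings (including build tags such as "8.6.4-50212-abcdef12", which are constructed here) and reports whether each falls inside the ranges the description lists. Versions outside those ranges are reported as "outside stated affected ranges", not as fixed, because this page does not name the fixed builds; that is an assumption to confirm against the Infoblox advisory.

```python
"""Version-range triage for CVE-2024-36047.

Added example; this is not Infoblox or NVD code.  The affected ranges come
from the NVD description on this page ("through 8.6.4" and "9.x through
9.0.3").  Versions outside those ranges are reported as outside the stated
affected ranges, not as fixed: the page does not list fixed builds, so that
assumption must be checked against the Infoblox advisory.
"""
import re

# Inclusive (low, high) bounds on (major, minor, patch) tuples, per NVD text.
AFFECTED_RANGES = (
    ((0, 0, 0), (8, 6, 4)),  # "through 8.6.4": every release up to and including 8.6.4
    ((9, 0, 0), (9, 0, 3)),  # "9.x through 9.0.3": 9.0.0 up to and including 9.0.3
)

# First major.minor[.patch] in the string; NIOS build tags such as
# "8.6.4-50212-abcdef12" or "9.0.3 (LTS)" (constructed forms) carry extra
# material after the dotted version that we ignore.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_nios_version(text):
    """Return (major, minor, patch) parsed from a NIOS version/build string.

    A missing patch component is treated as 0, so "9.0" sorts as 9.0.0.
    Raises ValueError when no dotted version is present.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no NIOS version found in {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(text):
    """True if the version falls inside a range the NVD description lists."""
    version = parse_nios_version(text)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map host -> verdict for a {host: version_string} inventory.

    Verdicts: "affected", "outside stated affected ranges", "unparseable".
    Unparseable entries are kept rather than dropped so they get a human look.
    """
    verdicts = {}
    for host, version_text in inventory.items():
        try:
            affected = is_affected(version_text)
        except ValueError:
            verdicts[host] = "unparseable"
            continue
        verdicts[host] = "affected" if affected else "outside stated affected ranges"
    return verdicts


# Constructed sample inventory (hostnames and build tags are made up).
SAMPLE_INVENTORY = {
    "gm-01": "8.6.4-50212-abcdef12",   # last release in the 8.6 affected range
    "member-02": "8.6.5",              # one past the stated 8.x range
    "lab-03": "NIOS 9.0.3 (LTS)",      # top of the 9.x affected range
    "member-04": "9.0.4",              # one past the stated 9.x range
    "legacy-05": "8.4.7",              # old 8.x build, inside "through 8.6.4"
    "unknown-06": "pending-upgrade",   # no version recorded
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:<12} {SAMPLE_INVENTORY[host]:<24} {verdict}")
```

The boundaries are inclusive on purpose: "through 8.6.4" in NVD phrasing means 8.6.4 itself is affected. Anything the parser cannot read is surfaced as "unparseable" rather than silently skipped, since a missing version in an inventory is exactly the host most likely to be forgotten during patching.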
Deeper analysis
CVE-2024-36047 is an Improper Input Validation vulnerability (CWE-20) in Infoblox NIOS versions through 8.6.4 and 9.x through 9.0.3. Published on 2025-02-27, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), a Critical rating.
Per that vector, the flaw is reachable by an unauthenticated attacker over the network with low attack complexity and no user interaction, and a successful exploit has high impact on confidentiality, integrity, and availability, i.e. compromise of the appliance. The NVD description names only the weakness class, not the vulnerable input or component, so until the patch is applied any NIOS management or service interface exposed to untrusted networks should be treated as in scope.
The Infoblox advisory at https://support.infoblox.com/s/article/000010391 provides details on mitigation, including available patches for affected NIOS versions.
Details
- CWE(s)