Cyber Resilience

CVE-2024-36047

Severity: Critical
Published: 27 February 2025
Modified: 10 April 2025
KEV Added: not listed
Patch: available (see vendor advisory)
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0024 (47.7th percentile)
Risk priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-36047 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Infoblox NIOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 47.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-36047 is an Improper Input Validation vulnerability (CWE-20) in Infoblox NIOS versions through 8.6.4 and 9.x through 9.0.3. Published on 2025-02-27, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

The vulnerability can be exploited by any unauthenticated attacker with network access, requiring low complexity and no user interaction. Exploitation enables high-impact disruption to confidentiality, integrity, and availability, allowing remote code execution or full system compromise.

The Infoblox advisory at https://support.infoblox.com/s/article/000010391 provides details on mitigation, including available patches for affected NIOS versions.

Vulnerability details

Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.

CWE(s)

CWE-20 Improper Input Validation

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated network RCE via improper input validation on a public-facing Infoblox NIOS appliance directly matches exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-37566 (same product: Infoblox NIOS)
CVE-2024-37567 (same product: Infoblox NIOS)
CVE-2024-36046 (same product: Infoblox NIOS)
CVE-2025-61880 (same product: Infoblox NIOS)
CVE-2025-61879 (same product: Infoblox NIOS)
CVE-2026-4755 (shared CWE-20)
CVE-2026-6973 (shared CWE-20)
CVE-2026-23836 (shared CWE-20)
CVE-2025-12275 (shared CWE-20)
CVE-2025-21344 (shared CWE-20)

Affected Assets

Vendor: infoblox
Product: nios
Versions: 8.6.0 through 8.6.4

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 (Information Input Validation) directly mandates validation of all user inputs to the system, comprehensively addressing the improper input validation (CWE-20) that enables RCE in this CVE.

Prevent: SI-2 (Flaw Remediation) requires timely remediation of flaws, directly mitigating this CVE through application of the available Infoblox patches to prevent exploitation.

Detect: RA-5 (Vulnerability Monitoring and Scanning) ensures regular vulnerability scanning to identify and prioritize input validation flaws like CVE-2024-36047 for remediation.