Cyber Resilience

CVE-2024-37567

Critical

Published: 27 February 2025

Published
27 February 2025
Modified
10 April 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0024 47.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-37567 is a critical-severity Improper Access Control (CWE-284) vulnerability in Infoblox Nios. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 47.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-37567 is an improper access control vulnerability (CWE-284) in Infoblox NIOS versions through 8.6.4, specifically affecting Grid functionality. Published on 2025-02-27, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high impacts on confidentiality and integrity with no availability disruption.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation grants high-level access that compromises confidentiality by exposing sensitive data and integrity by allowing unauthorized modifications, potentially enabling full control over affected Grid components.

Infoblox has published a support advisory detailing mitigation steps at https://support.infoblox.com/s/article/000010393. Security practitioners should consult this reference for patch availability and recommended workarounds applicable to NIOS through 8.6.4.

EU & UK References

Vulnerability details

Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Improper access control in public-facing Infoblox NIOS Grid enables remote unauthenticated exploitation with high confidentiality/integrity impact, directly mapping to T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-37566Same product: Infoblox Nios
CVE-2024-36047Same product: Infoblox Nios
CVE-2024-36046Same product: Infoblox Nios
CVE-2025-61879Same product: Infoblox Nios
CVE-2025-61880Same product: Infoblox Nios
CVE-2026-39339Shared CWE-284
CVE-2026-46839Shared CWE-284
CVE-2025-26010Shared CWE-284
CVE-2026-34291Shared CWE-284
CVE-2023-47539Shared CWE-284

Affected Assets

infoblox
nios
8.6.0 — 8.6.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Explicitly authorizes only specific actions without identification or authentication, directly preventing improper unauthenticated access to Infoblox NIOS Grid functionality.

prevent

Enforces approved authorizations for logical access to system resources, mitigating the improper access control vulnerability in Grid components.

prevent

Requires timely identification, reporting, and remediation of flaws like CVE-2024-37567 through patching, comprehensively addressing the vulnerability.

References