NIOS
by Infoblox
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37566 | Cri | 0.64 | 9.8 | 0.00 | Feb 27, 2025 | Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | ||
| CVE-2024-36047 | Cri | 0.64 | 9.8 | 0.00 | Feb 27, 2025 | Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. | ||
| CVE-2024-36046 | Cri | 0.64 | 9.8 | 0.00 | Feb 27, 2025 | Infoblox NIOS through 8.6.4 executes with more privileges than required. | ||
| CVE-2024-37567 | Cri | 0.59 | 9.1 | 0.00 | Feb 27, 2025 | Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. | ||
| CVE-2023-37249 | Hig | 0.57 | 8.8 | 0.01 | Aug 25, 2023 | Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. | ||
| CVE-2018-10239 | Med | 0.44 | 6.7 | 0.00 | Jun 17, 2019 | A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The… | ||
| CVE-2020-15303 | Med | 0.42 | 6.5 | 0.01 | Jun 28, 2021 | Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. | ||
| CVE-2022-28975 | Med | 0.35 | 5.4 | 0.00 | Jan 9, 2024 | A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. | ||
| CVE-2025-61880 | 0.00 | — | 0.01 | Feb 12, 2026 | In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. | |||
| CVE-2025-61879 | 0.00 | — | 0.00 | Feb 12, 2026 | In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism. |
- risk 0.64cvss 9.8epss 0.00
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.
- risk 0.64cvss 9.8epss 0.00
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
- risk 0.64cvss 9.8epss 0.00
Infoblox NIOS through 8.6.4 executes with more privileges than required.
- risk 0.59cvss 9.1epss 0.00
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.
- risk 0.57cvss 8.8epss 0.01
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.
- risk 0.44cvss 6.7epss 0.00
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The…
- risk 0.42cvss 6.5epss 0.01
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.
- risk 0.35cvss 5.4epss 0.00
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.
- CVE-2025-61880Feb 12, 2026risk 0.00cvss —epss 0.01
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
- CVE-2025-61879Feb 12, 2026risk 0.00cvss —epss 0.00
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.