Infoblox Security Vulnerabilities

CVE-2002-2213

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed respo...

CVE-2004-0460

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) N...

CVE-2004-0461

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of servic...

CVE-2004-0606

Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request.

CVE-2011-5178

Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.

CVE-2014-3418

config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.

CVE-2014-3419

Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.

CVE-2015-2033

Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request.

CVE-2016-6484

CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.

CVE-2018-10239

A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a we...

CVE-2018-6643

Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.

CVE-2020-15303

Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.

CVE-2022-28975

A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.

CVE-2022-32972

Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation.

CVE-2023-37249

Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.