NIOS is vulnerable to CVE-2023-37249
A recently disclosed critical vulnerability in Infoblox NIOS up to version 8.5.2 allowed remote code execution through a faulty component in the NIOS user interface. By accessing an authenticated feature of the NIOS UI, an attacker could execute malicious code and gain shell access, according to Sean Morland of NCC Group, who discovered the issue in August 2023. Infoblox has since fixed this vulnerability in NIOS version 8.5.3 and later, and issued hotfix NIOS-93969 for NIOS 8.5.2. The vulnerability is identified as CVE-2023-37249.