CVE-2018-10239

Name of the Vulnerable Software and Affected Versions Infoblox NIOS versions 6.8 through 8.4.1

Description A privilege escalation issue exists in the "support access" feature due to a weakness in the password generation algorithm. This could allow a locally authenticated administrator to gain additional privileges on an affected device and perform actions within the super user scope if they know the support access code for the current session and the algorithm to generate the support access password. The "support access" feature is disabled by default and automatically expires after 24 hours when enabled.

Recommendations For Infoblox NIOS versions 6.8 through 8.4.1, consider disabling the "support access" feature until a patch is available to prevent potential exploitation. As a temporary workaround, restrict the use of the "support access" feature to minimize the risk of privilege escalation. Ensure that only necessary personnel have access to the support access code and are aware of the potential vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.