Summary

Infoblox is vulnerable to CVE-2020-25705, which could re-enable DNS cache poisoning attacks.

Overview

On November 12, 2020, Red Hat announced CVE-2020-25705.

Description

Designated as a Moderate security impact, this vulnerability involves a flaw in the way ICMP reply packets are limited in the Linux kernel. The flaw allows an off-path remote user to quickly scan open UDP ports, effectively bypassing UDP source port randomization. The highest threat from this vulnerability is the SAD DNS attack technique, which makes it possible for a malicious actor to carry out an off-path attack, rerouting traffic originally destined for a specific domain to a server under their control, thereby allowing them to eavesdrop on and tamper with communications.

Link to more details: https://access.redhat.com/security/cve/cve-2020-25705
CVSS3 Base Score: 7.4
CVSS3 Base Metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Further Details

https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html

Affected versions

NIOS versions 8.4 and 8.5 are affected.


Resolution

A generic hotfix for NIOS 8.4 and 8.5 will be released to address CVE-2020-25705 by upgrading the Linux kernel to v5.10, which is not vulnerable. A permanent fix will be made in the upcoming NIOS 8.5.2 release. Note that using DNSSEC also mitigates this vulnerability.