On April 28, 2021, ISC announced CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216. All NIOS versions are vulnerable to CVE-2021-25214 and CVE-2021-25215. NIOS is not vulnerable to CVE-2021-25216.
CVSS Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected versions
All NIOS versions are affected
Workarounds
No workaround – Hotfix required; see below
CVE-2021-25215: DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an assertion check in BIND to fail.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected versions
All NIOS versions are affected
Workarounds
No workaround – Hotfix required; see below
CVE-2021-25216: GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between parties on a network.
Affected versions
Infoblox is not vulnerable
Infoblox has released hotfixes for the following currently active NIOS versions:
Please follow the instructions indicated in the hotfix release form when applying the appropriate hotfix to your NIOS version (all attached to this KB).