← Volver a CVEs
CVE-2023-29492
CRITICALCISA KEV9.8
Descripcion
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/11/2023
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorNovi Survey
ProductoNovi Survey
Nombre vulnerabilidadNovi Survey Insecure Deserialization Vulnerability
Fecha inclusion KEV2023-04-13
Fecha limite remediacion2023-05-04
Uso en ransomwareUnknown
Productos afectados
3rdmill:novi_survey
Debilidades (CWE)
CWE-94CWE-94
Referencias
https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.