← Voltar para CVEs
CVE-2023-29492
CRITICALCISA KEV9.8
Descricao
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/11/2023
Ultima modificacao10/27/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorNovi Survey
ProdutoNovi Survey
Nome da vulnerabilidadeNovi Survey Insecure Deserialization Vulnerability
Data inclusao KEV2023-04-13
Prazo de remediacao2023-05-04
Uso em ransomwareUnknown
Produtos afetados
3rdmill:novi_survey
Fraquezas (CWE)
CWE-94CWE-94
Referencias
https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.