CVE-2023-29492

CRITICAL KEV

novi_survey < 8.9.43676 - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2023-29492 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2023.

Description

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

References (2)

Core 2

Core References

Vendor Advisory

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492

Scores

CVSS v3 9.8

EPSS 0.1833

EPSS Percentile 95.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2023-04-13

VulnCheck KEV 2023-04-13

InTheWild.io 2023-04-13

ENISA EUVD EUVD-2023-33059

CWE

CWE-94

Status published

Products (1)

3rdmill/novi_survey < 8.9.43676

Published Apr 11, 2023

KEV Added Apr 13, 2023

Tracked Since Feb 18, 2026