CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not...

Basic Information

CVE State: PUBLISHED
Reserved Date: April 07, 2023
Published Date: April 11, 2023
Last Updated: January 27, 2025
Vendor: n/a
Product: n/a
Description: Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2023-04-13 00:00:00 UTC) Source

References

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-04-13 00:00:00 UTC

Timeline

CVE ID Reserved

April 07, 2023
CVE Published to Public

April 11, 2023
Added to KEVIntel

April 13, 2023