CVE-2023-29492
published 2023-04-11


Priority: P1 · 83 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Flags: KEV, ITW
CISA Known Exploited Vulnerability (remediation due 2023-05-04)
Exploited in the wild
EPSS: 2.69% (84.0th percentile)
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

Affected (1 range)

Vendor    Product       Version range   Fixed in
3rdmill   novi_survey   < 8.9.43676     8.9.43676

Detection & IOCs (extracted from sources)

  • Vulnerability class is insecure deserialization in Novi Survey before version 8.9.43676, enabling remote code execution as the service account — monitor for anomalous process spawning from the Novi Survey service process
  • Exploitation vector is remote and unauthenticated deserialization — inspect inbound HTTP requests to Novi Survey endpoints for serialized object payloads (e.g., binary or base64-encoded .NET/Java serialization magic bytes)
  • Successful exploitation does NOT expose stored survey or response data — scope of impact is limited to service account code execution on the host
  • Vendor advisory and patch details are referenced at the Novi Survey blog; apply updates per vendor instructions targeting versions 8.9.43676 and later

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck             9.8     CRITICAL
cisa                  9.8     CRITICAL