Vulnerability Description
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3Rdmill | Novi Survey | < 8.9.43676 |
Related Weaknesses (CWE)
References
- https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspxVendor Advisory
- https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspxVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-US Government Resource
FAQ
What is CVE-2023-29492?
CVE-2023-29492 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
How severe is CVE-2023-29492?
CVE-2023-29492 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-29492?
Check the references section above for vendor advisories and patch information. Affected products include: 3Rdmill Novi Survey.