CISA KEV Information
| Vulnerability name | Novi Survey Insecure Deserialization Vulnerability |
|---|---|
| Description | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-94 |
| Date added (KEV) | 2023-04-13 |
| Due date | 2023-05-04 |
| Additional notes | https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx; https://nvd.nist.gov/vuln/detail/CVE-2023-29492 |
NVD Details
CVSS v3.1: 9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description: Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
CWE: CWE-94
References
- https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.