External risk intelligence

Novi Survey Code Execution Vulnerability

CVE advisory · Known Exploit

CVE-2023-29492

A critical vulnerability in Novi Survey allows remote attackers to execute arbitrary code on the server. This does not affect survey or response data, but could lead to server compromise. Organizations using affected versions face a high business risk.

Halo Surface Signal: 4

Weakness: Code Injection

Product: 3rdmill Novi Survey

Affected versions: before 8.9.43676

External exposure likelihood

Halo Surface Signal score for CVE-2023-29492

Novi Survey is a web-based application designed to host surveys and collect responses, which by its nature is typically deployed as a public-facing web service accessible via the internet to allow participants to interact with the platform.

Horizon Alert

Summary of the vulnerability and why it matters

Novi Survey, a survey application, contains a critical flaw that permits unauthorized code execution on the server. This vulnerability allows attackers to run commands with the same permissions as the survey service account. While this does not grant access to stored survey or response data, it could lead to a compromise of the server environment.

  • Vulnerable: Novi Survey application
  • Weakness: Arbitrary code execution
  • Impact: Server compromise

Attack Path

How an attacker could exploit the issue

Novi Survey, a web-based application, is exposed to external access. Attackers can remotely access the server and execute arbitrary code in the context of the service account. This allows for control over the server without affecting stored survey or response data.

  • External network access required.
  • Attacker executes arbitrary code.
  • Server control gained.

Live Threat

Current exploitation, exposure, and threat context

A critical vulnerability exists in Novi Survey software, specifically versions prior to 8.9.43676. This flaw allows remote attackers to execute arbitrary code on the server. While this does not grant access to stored survey or response data, the potential for code execution poses a significant risk. Organizations using affected versions should consider this a high-priority issue.

  • Attackers with moderate skill.
  • No authentication required.
  • High business risk and urgency.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Organizations running Novi Survey should treat this vulnerability as a priority and respond in a structured way. The flaw allows remote attackers to execute arbitrary code on the server, which threatens the integrity of the host and anything reachable from it, so the response should not be deferred.

  • Identify all Novi Survey assets.
  • Reduce exposure or isolate affected systems.
  • Apply the vendor fix and validate changes.
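The three steps above start with knowing which deployments are affected. The following triage helper is an added example, not code from the page or from the vendor: it takes a constructed asset inventory (hostnames, the reported Novi Survey version and whether the host is internet-facing, all assumed fields) and buckets each host using the advisory's fixed-version threshold of 8.9.43676, so exposed and unpatched instances surface first for isolation and patching. It also flags hosts whose version cannot be parsed, which is the usual failure mode of inventory data.

```python
from dataclasses import dataclass
import re

# First fixed release according to the advisory ("before 8.9.43676" is affected).
FIXED_VERSION = (8, 9, 43676)


@dataclass
class Asset:
    """One Novi Survey deployment from an asset inventory (assumed schema)."""
    host: str
    version: str           # version string as reported by the inventory tool
    internet_exposed: bool  # True if reachable from the internet


def parse_version(version: str):
    """Turn a dotted version such as '8.9.43676' into a tuple of ints.

    Returns None for anything that is not purely numeric dotted notation,
    so callers can route it to manual verification instead of guessing.
    """
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_affected(version: str):
    """True if version < 8.9.43676, False if fixed, None if unparsable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Pad shorter versions so that '8.9' compares as 8.9.0.
    padded = parsed + (0,) * (len(FIXED_VERSION) - len(parsed))
    return padded < FIXED_VERSION


def triage(assets):
    """Map each host to a remediation bucket ordered by urgency."""
    buckets = {}
    for asset in assets:
        affected = is_affected(asset.version)
        if affected is None:
            buckets[asset.host] = "verify-version"
        elif not affected:
            buckets[asset.host] = "patched"
        elif asset.internet_exposed:
            buckets[asset.host] = "critical-isolate-and-patch"
        else:
            buckets[asset.host] = "high-patch"
    return buckets


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    Asset("survey-ext-01.example.test", "8.9.43000", True),
    Asset("survey-int-02.example.test", "8.8.41200", False),
    Asset("survey-ext-03.example.test", "8.9.43676", True),
    Asset("survey-lab-04.example.test", "unknown", False),
]

if __name__ == "__main__":
    for host, bucket in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {bucket}")
```

Hosts landing in `critical-isolate-and-patch` are the ones to take off the public edge first; `verify-version` entries need a hands-on check of the installed build before they can be cleared, since an unknown version must be assumed vulnerable.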

Frequently asked questions

What is Novi Survey?

Novi Survey is a web-based application used for creating and conducting surveys, allowing users to collect responses from participants.

How does CVE-2023-29492 affect Novi Survey?

CVE-2023-29492 is a code injection weakness (CWE-94) that allows remote attackers to execute arbitrary code on the server where Novi Survey is installed.

What is needed for an attacker to exploit CVE-2023-29492?

An attacker can exploit this vulnerability remotely without needing any special access or authentication, simply by interacting with the affected Novi Survey application.

Who should care about the Novi Survey vulnerability?

Organizations running Novi Survey that is accessible from the internet should care, as this vulnerability is classified as external and can be triggered remotely.

What should I do if I use Novi Survey?

First, identify all instances of Novi Survey within your organization. Next, consider reducing their network exposure or isolating them if possible, and then apply the vendor's provided update to the software.
