CVE-2023-29492

9.8 CRITICAL

📋 TL;DR

CVE-2023-29492 is a critical remote code execution vulnerability in Novi Survey software that allows attackers to execute arbitrary commands on affected servers. This affects all organizations running vulnerable versions of Novi Survey, potentially compromising the entire server environment. The vulnerability does not provide direct access to survey data but allows full server control.

💻 Affected Systems

Products:
  • Novi Survey
Versions: All versions before 8.9.43676
Operating Systems: Windows Server (primary deployment), Linux (if applicable)
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. The vulnerability exists in the web application component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data exfiltration, ransomware deployment, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case

Attackers gain an initial foothold on the server, install cryptocurrency miners or malware, and potentially pivot to other systems in the network.

🟢 If Mitigated

The attack is blocked at the network perimeter, or the server is isolated so that lateral movement is prevented, limiting impact to a single system.

🌐 Internet-Facing: HIGH - This is a remote code execution vulnerability that can be exploited without authentication, making internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but require network access; risk depends on internal segmentation and access controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CISA has added this to their Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild. The high CVSS score and CWE-94 (Code Injection) suggest straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.9.43676 and later

Vendor Advisory: https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

Restart Required: Yes

Instructions:

1. Download Novi Survey version 8.9.43676 or later from official vendor sources.
2. Back up the current installation and data.
3. Run the installer to upgrade.
4. Restart the Novi Survey service.
5. Verify that the version has been updated.

🔧 Temporary Workarounds

Network Isolation

Platforms: all

Restrict network access to Novi Survey instances using firewall rules. The example rules below block all inbound HTTP/HTTPS to the host; if legitimate users must keep access, scope them to untrusted source networks instead (for example with -RemoteAddress on New-NetFirewallRule, or a -s source match in iptables).

# Windows Firewall:
New-NetFirewallRule -DisplayName "Block Novi Survey" -Direction Inbound -Protocol TCP -LocalPort 80,443 -Action Block

# Linux iptables:
iptables -A INPUT -p tcp --dport 80 -j DROP && iptables -A INPUT -p tcp --dport 443 -j DROP

Application Layer Filtering

Platforms: all

Implement WAF rules to block suspicious requests. In the example below, malicious_pattern is a placeholder for a signature supplied by the vendor or your IDS/WAF provider; the rule is inert until a real pattern is substituted.

# Example ModSecurity rule:
SecRule ARGS "@rx malicious_pattern" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Immediately isolate affected systems from the internet and restrict internal network access
  • Implement strict network segmentation and monitor for suspicious outbound connections

🔍 How to Verify

Check if Vulnerable:

Check Novi Survey version in administration panel or by examining installed files. Versions below 8.9.43676 are vulnerable.

Check Version:

Check Novi Survey web interface admin panel or examine version.txt in installation directory

Verify Fix Applied:

Verify version is 8.9.43676 or higher in administration interface and check that all services are running normally.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation events from Novi Survey service account
  • Suspicious command execution in web server logs
  • Failed authentication attempts followed by successful exploitation

Network Indicators:

  • Outbound connections from Novi Survey server to suspicious IPs
  • Unusual traffic patterns from Novi Survey ports
  • Command and control beaconing behavior

SIEM Query:

source="novi-survey-logs" AND (event_type="process_creation" OR cmdline="*powershell*" OR cmdline="*cmd.exe*")
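The same logic as the SIEM query above, applied to constructed process-creation events, as an added example (not from the advisory or the vendor); the service account name and the IIS worker process name (w3wp.exe) are assumptions about how the deployment looks.

```python
import re
from typing import Dict, Iterable, List

# Assumed service account for the Novi Survey web application (placeholder, not from the advisory).
NOVI_SERVICE_ACCOUNT = "IIS APPPOOL\\NoviSurvey"
# Assumed web worker process for a Windows Server deployment (IIS).
WEB_WORKER = "w3wp.exe"

# Shell interpreters a web-application worker normally has no reason to spawn.
SUSPICIOUS_CHILDREN = re.compile(r'(?:^|[\\\s"])(powershell|pwsh|cmd)\.exe', re.IGNORECASE)

# Constructed sample events; fields modelled on Windows process-creation (4688) records.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"event_type": "process_creation", "user": "IIS APPPOOL\\NoviSurvey",
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "cmdline": r'"C:\Windows\System32\cmd.exe" /c whoami'},
    {"event_type": "process_creation", "user": "IIS APPPOOL\\NoviSurvey",
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"event_type": "process_creation", "user": "CORP\\backupadmin",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -File backup.ps1"},   # interactive admin use, not flagged
    {"event_type": "logon", "user": "IIS APPPOOL\\NoviSurvey",
     "parent": "", "cmdline": ""},                    # not a process-creation event
]

def is_suspicious(event: Dict[str, str]) -> bool:
    """Flag a process-creation event where a shell interpreter is started either
    under the Novi Survey service account or as a child of the web worker."""
    if event.get("event_type") != "process_creation":
        return False
    under_service_account = event.get("user", "").lower() == NOVI_SERVICE_ACCOUNT.lower()
    from_web_worker = event.get("parent", "").lower().endswith("\\" + WEB_WORKER)
    if not (under_service_account or from_web_worker):
        return False
    return bool(SUSPICIOUS_CHILDREN.search(event.get("cmdline", "")))

def find_suspicious(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the events that match the detection logic, in input order."""
    return [e for e in events if is_suspicious(e)]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT: {hit['user']} spawned: {hit['cmdline']}")
```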
