CVE-2023-29492

CISA description

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.

Required action

Apply updates per vendor instructions.

Notes & references

• https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx
• https://nvd.nist.gov/vuln/detail/CVE-2023-29492

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2023-29492
• CVE.org · CVE-2023-29492
• CISA KEV catalog (canonical)