NoviSurvey Insecure Deserialization Vulnerability (CVE-2023-29492)

2023-05-2200:00:00

www.tenable.com

novisurvey

insecure deserialization

remote code execution

cve-2023-29492

web application

0.029 Low

EPSS

Percentile

90.9%

JSON

The version of NoviSurvey installed on the remote host is before 8.9.43676. It is therefore vulnerable to a insecure deserialization vulnerability that can allow remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176211);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/23");

  script_cve_id("CVE-2023-29492");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/05/04");

  script_name(english:"NoviSurvey Insecure Deserialization Vulnerability (CVE-2023-29492)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application is affected by an insecure deserialization vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of NoviSurvey installed on the remote host is before 8.9.43676. It is therefore vulnerable to a insecure 
deserialization vulnerability that can allow remote attackers to execute arbitrary code on the server in the context 
of the service account. This does not provide access to stored survey or response data.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69dbc518");
  script_set_attribute(attribute:"solution", value:
"Upgrade to NoviSurvey 8.9.43676 or greater");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-29492");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/22");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:novisurvey:novi_survey");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("novi_survey_detect.nbin");
  script_require_keys("installed_sw/Novi Survey");
  script_require_ports("Services/www", 443);

  exit(0);
}

include('vcf.inc');
include('http.inc');

var app = 'Novi Survey';

var port = get_http_port(default:443);

var app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

var constraints = [
  { 'fixed_version':'8.9.43676' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

VendorProductVersionCPE
novisurveynovi_surveycpe:/a:novisurvey:novi_survey

Vendor	Product	Version	CPE
novisurvey	novi_survey		cpe:/a:novisurvey:novi_survey

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29492

www.nessus.org/u?69dbc518

0.029 Low

EPSS

Percentile

90.9%

JSON

Related for NOVISURVEY_CVE-2023-29492.NASL