ServiceNow Addresses Input Validation Vulnerability in Now Platform Releases
CVE-2024-4879
Key Information:
- Vendor
Servicenow
- Status
- Vendor
- CVE Published:
- 10 July 2024
Badges
What is CVE-2024-4879?
CVE-2024-4879 is a critical input validation vulnerability affecting the Now Platform from ServiceNow, particularly in its Vancouver and Washington DC releases. This vulnerability potentially allows an unauthenticated attacker to execute remote code within the platform's context, significantly jeopardizing the integrity and security of affected systems. Organizations relying on ServiceNow for enterprise management and workflow automation may face substantial operational disruptions and data integrity risks if this vulnerability is exploited.
Technical Details
The vulnerability stems from inadequate input validation processes within the Now Platform, making it susceptible to exploitation by unauthorized users. By manipulating input vectors, attackers can gain control over executing arbitrary code remotely. ServiceNow has issued updates and patches to mitigate this security risk, applying these fixes to hosted instances and providing the updates to self-hosted customers and partners.
Impact of the Vulnerability
-
Remote Code Execution: The most significant impact of CVE-2024-4879 is the possibility for attackers to execute arbitrary code remotely. This capability could allow malicious actors to take control of the platform, leading to unauthorized access to sensitive data and system functions.
-
Data Breach Risks: With remote code execution abilities, an attacker could manipulate or extract confidential information from the Now Platform, leading to potential data breaches that can affect client data and compliance with data protection regulations.
-
Operational Disruption: Exploiting this vulnerability can result in significant disruptions to organizational operations reliant on the Now Platform. The ability for an attacker to execute code can lead to service outages, putting critical business processes at risk and resulting in recovery and remediation costs.
CISA has reported CVE-2024-4879
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-4879 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Now Platform 0
Now Platform 0
Now Platform 0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Critical ServiceNow vulnerabilities being targeted by hackers, cyber agency warns
The Cybersecurity and Infrastructure Security Agency (CISA) said hackers are trying to exploit the bugs, giving federal civilian agencies until August 19 to patch them.
CybersecurityNewsServiceNow Flaw Let Remote Attackers Execute Arbitrary Code
ServiceNow recently disclosed three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178) affecting multiple Now
PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit
One threat actor claims to have already gathered email addresses and associated hashes from more than 110 remote IT management databases.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- 🟡
Public PoC available
- 💰
Used in Ransomware
- 🦅
CISA Reported
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 👾
Exploit known to exist
- 📈
Vulnerability started trending
- 📰
First article discovered by Cyber Kendra
Vulnerability published
Vulnerability Reserved