Advisory

ServiceNow IT service management platform fixes two critical flaws and a third issue that can be chained into an attack

Take action: If you run the ServiceNow platform, and especially if the instance is reachable from the internet, patch now. Affected releases carry two critical flaws, and automated attack tools are already scanning for them. Don't delay: exploitation attempts are under way.


Learn More

Multiple vulnerabilities, including two critical flaws, have been identified in ServiceNow's IT service management platform (the Now Platform).

  • The critical vulnerabilities are tracked as
    • CVE-2024-4879 (CVSS score 9.8) - A Jelly template injection in the platform's user interface. An unauthenticated attacker who can reach the instance can inject Jelly markup into a page and have the platform render and execute it, giving remote code execution without any credentials.
    • CVE-2024-5217 (CVSS score 9.8) - An incomplete input validation flaw in GlideExpressionScript. It defeats the checks that would otherwise limit what injected script may do, so that, combined with the template injection, the attacker obtains full unauthenticated remote code execution rather than a constrained one.
  • The two critical flaws chain with each other for unauthenticated remote code execution, and with a third, lower-severity flaw to turn that into data theft:
    • CVE-2024-5178 (CVSS score 4.9) - Incomplete input validation in the SecurelyAccess API lets a user who already holds administrative access read sensitive files on the web application server. In the published chain, the code execution obtained above supplies that access, and the file read exposes the instance's database configuration; with those credentials an attacker can extract any data stored in the instance, including confidential information, customer data, and internal communications.

Over 6,000 sites across various industries, particularly in the financial services sector, have been targeted by exploitation attempts using these vulnerabilities. Attackers are using automated tools against login pages, with payloads that first test whether remote code execution works and then dump database users and passwords. The resulting potential for data breaches and unauthorized access to sensitive information is what makes this issue critical.
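Because the scanning described above targets the login page, web-server access logs are the quickest place to look for it. The following detection script is an added example for this advisory; it is not ServiceNow's code and not a vendor-supplied signature. It assumes Apache/nginx combined log format, and its indicators (Jelly and Glide tags such as `<j:jelly>` and `<g:evaluate>`, and the `jvar_page_title` parameter on `login.do`) come from the publicly described proof-of-concept traffic for CVE-2024-4879, not from the advisory text. The sample log lines are constructed, not real traffic.

```python
"""Scan access-log lines for requests that look like automated Jelly
template-injection probes against a ServiceNow login page.

Added detection example (not ServiceNow's code). ASSUMPTIONS: combined
log format; indicators follow the published CVE-2024-4879 proof of
concept; a legitimate login-page request never carries markup in its
query string.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Minimal combined-log-format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Tag fragments that identify Jelly/Glide script being smuggled in a URL.
INDICATORS = ("<j:jelly", "<g:evaluate", "xmlns:j=", "xmlns:g=")

# Parameter the public proof of concept abused on the login page (assumption).
SUSPECT_PARAM = "jvar_page_title"


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%253C for '<') are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return a reason string if the target looks like a Jelly injection probe, else None."""
    parts = urlsplit(target)
    query = decode_fully(parts.query).lower()
    hits = [ind for ind in INDICATORS if ind in query]
    if hits:
        return f"jelly tags in query on {parts.path}: {', '.join(hits)}"
    # Weaker signal: any markup at all in the parameter the PoC targets.
    for value in parse_qs(query, keep_blank_values=True).get(SUSPECT_PARAM, []):
        if "<" in value or ">" in value:
            return f"markup in {SUSPECT_PARAM} on {parts.path}"
    return None


def scan_log(lines):
    """Parse each line and collect the ones that match; unparsable lines are skipped."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        reason = classify_request(match["target"])
        if reason:
            findings.append({"ip": match["ip"], "ts": match["ts"],
                             "status": match["status"], "reason": reason})
    return findings


# Constructed sample traffic (RFC 5737 test addresses, not real log data).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "GET /login.do HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jul/2024:12:00:02 +0000] "GET /login.do?jvar_page_title=Welcome HTTP/1.1" 200 5140 "-" "Mozilla/5.0"',
    # Probe carrying Jelly tags, single URL-encoded, as an automated scanner would send it.
    '198.51.100.23 - - [10/Jul/2024:12:00:03 +0000] "GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(1)%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1" 200 5301 "-" "python-requests/2.31"',
    # Same probe double-encoded in an attempt to slip past naive string matching.
    '198.51.100.23 - - [10/Jul/2024:12:00:04 +0000] "GET /login.do?jvar_page_title=%253Cj%253Ajelly%2520xmlns%253Aj%253D%2522jelly%2522%253E HTTP/1.1" 403 221 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['ip']} HTTP {finding['status']}: {finding['reason']}")
```

Two points matter in practice: a 200 response to a probe does not by itself prove the payload executed, so any hit should be followed up in the instance's own logs, and the decoding loop exists because scanners vary the encoding of the same payload; matching only the literal `<j:jelly` string would miss the double-encoded line.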

ServiceNow has released patches for the affected releases. Update every instance, including non-production and partner-hosted ones, and confirm the patch level afterwards rather than assuming the update was applied. Patching does not undo a compromise that happened before it: review access logs for probes against the login page, and if there is any sign that injected code ran, treat the instance as compromised, rotate its credentials and investigate. Keep checking for updates and apply them promptly.
