
ServiceNow Remote Code Execution Vulnerabilities Under Attack

Latest Hacking News

Various threat actors are actively exploiting ServiceNow vulnerabilities to target different organizations. While ServiceNow has already patched these flaws, customers' delay in updating their systems has increased the risk.

Now-Patched ServiceNow Vulnerabilities Actively Exploited

Researchers from Resecurity have shared a detailed blog post highlighting their findings on the active exploitation of ServiceNow vulnerabilities.

As explained, they observed three different vulnerabilities affecting the software's security, putting customers at risk. Two of these flaws pose a severe threat, as exploiting them allows remote code execution attacks, while the third, a relatively less severe flaw, could be chained into the exploit.

  • CVE-2024-4879 (CVSS 9.3): An input validation vulnerability affecting the Vancouver and Washington DC Now Platform releases. An unauthenticated adversary could exploit the flaw for remote code execution.
  • CVE-2024-5217 (CVSS 9.3): Another input validation flaw leading to remote code execution by an unauthenticated attacker. This vulnerability affected the Washington DC, Vancouver, and earlier Now Platform releases.
  • CVE-2024-5178 (CVSS 6.9): A file read vulnerability affecting the Washington DC, Vancouver, and Utah Now Platform releases. An adversary with admin access to the target system could exploit the flaw to gain unauthorized access to sensitive files.

These vulnerabilities caught the attention of Assetnote researchers, who responsibly disclosed the flaws to the vendor. They published a detailed post highlighting the technical aspects of the vulnerabilities and explaining how an adversary could chain the flaws to access databases and execute malicious code.

Soon after the discovery, ServiceNow addressed these vulnerabilities with hotfixes and software updates for the respective Platform releases on July 10, 2024. Customers can find these updates in the advisories released for CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, respectively.

However, these patches could not help customers much, as their delay in updating systems gave attackers ample time to develop working exploits. Consequently, Resecurity researchers detected active exploitation of the vulnerabilities in the wild, targeting numerous entities.

Exploitation Attempts Target Victims Globally

Within a week of the vulnerability disclosure, the researchers detected a global campaign exploiting these vulnerabilities, targeting numerous victims, including an energy company, a data center organization, a government agency in the Middle East, and a software development house. (Resecurity has not yet disclosed the victim companies' names.)

Following Resecurity's report, ServiceNow confirmed (in a statement to Bleeping Computer) that they did not detect any malicious activity impacting ServiceNow hosts.

Nonetheless, given the persistent threat, all customers should ensure that their systems are patched immediately with the latest software releases and hotfixes.

ServiceNow is an American platform-as-a-service that supports organizations in helpdesk and IT service management activities. The platform boasts a global clientele from numerous sectors, including Fortune 500 companies.
