Three critical vulnerabilities have been discovered in the ServiceNow IT service management platform. These flaws, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, have been under active exploitation and have exposed sensitive information from over 105 organizations.
The vulnerabilities allow unauthenticated remote attackers to execute arbitrary code within the Now Platform, potentially leading to full compromise, data theft, and disruption of business operations. The first two flaws carry CVSS scores of 9.3 and 9.2, respectively, placing them in the critical range.
Threat actors are exploiting these vulnerabilities to steal email addresses, hashed passwords, and other sensitive data. The stolen data is being offered for sale on the dark web for $5,000.
Resecurity warns that threat actors will increasingly target ServiceNow because of these vulnerabilities, using compromised access to IT service desks, corporate portals, and other enterprise systems to conduct reconnaissance and plan further attacks.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging federal civilian executive branch agencies to apply the patches by August 19 or discontinue use of ServiceNow until remediation is complete.
ServiceNow learned of the vulnerabilities on May 14, 2024, and deployed an update. The company encourages all customers to apply the relevant patches and says it will continue to work directly with customers who need assistance applying them.
Understanding the vulnerabilities:
* CVE-2024-4879: Authentication Bypass, which allows attackers to bypass authentication and access the ServiceNow platform without authorization.
* CVE-2024-5217: Arbitrary Data Access, which lets attackers access and extract any data stored in the ServiceNow system, including sensitive information, customer data, and internal communications.
* CVE-2024-5178: Privilege Escalation, which allows attackers to raise their access level within the ServiceNow system, giving them administrative control.
It is crucial for organizations using ServiceNow to apply these updates immediately to protect their systems and data from potential attacks.
Source: https://www.csoonline.com/article/3478933/critical-servicenow-vulnerabilities-expose-businesses-to-data-breaches.html