GreyNoise has reported an increase in attempts by hackers to exploit three critical vulnerabilities in ServiceNow initially disclosed in May 2023. These are CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178. While these vulnerabilities were patched in July 2023, a surge in targeting has been noted, particularly in Israel and Lithuania. Both CVE-2024-4879 and CVE-2024-5217 allow unauthenticated attackers to execute arbitrary code. In addition, CVE-2024-5178 enables unauthorized file access. Chaining these vulnerabilities could grant full database access, marking a significant security concern for affected organizations.
"CVE-2024-4879 and CVE-2024-5217 are both input validation vulnerabilities that could allow unauthenticated remote attackers to execute arbitrary code on the Now Platform..."
"The fact that full database access could be achieved by an entirely unauthenticated actor is unique..."