Actively targeted vulnerabilities
FortiGuard Labs continues to observe attack attempts targeting the recent ServiceNow Platform vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178). When chained together, these vulnerabilities could lead to remote code execution and potential data breaches with unauthorized system access.
Common Vulnerabilities and Exposures
Background
ServiceNow is a widely used platform for business transformation that manages enterprise operations such as HR and employee management. It recently disclosed three security vulnerabilities, identified as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. These vulnerabilities affect various versions of the Now Platform, including the Utah, Vancouver, and Washington DC releases.
FortiGuard IPS telemetry indicates that the flaws are actively being targeted, with threat actors potentially weaponizing publicly available proof-of-concept (PoC) exploits.
CVE-2024-4879 is a Jelly Template Injection Vulnerability in UI macros that could enable an unauthenticated user to remotely execute code within the context of the Now Platform.
CVE-2024-5178 is an Incomplete Input Validation in SecurelyAccess API. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server.
CVE-2024-5217 is an Incomplete Input Validation in GlideExpression Script. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
FortiGuard Labs recommends that organizations using ServiceNow apply the updates for CVE-2024-4879, CVE-2024-5178 and CVE-2024-5217 to fully mitigate the risk of potential attacks. Please see the references section for links to the individual KB articles disclosed by ServiceNow.
- July 29, 2024: FortiGuard Labs released a Threat Signal. https://www.fortiguard.com/threat-signal-report/5497/
- July 29, 2024: CISA added CVE-2024-4879 and CVE-2024-5178 to its Known Exploited Vulnerabilities (KEV) Catalog.
- July 11, 2024: Assetnote researchers who discovered the flaw published a detailed write-up about CVE-2024-4879 and two more flaws (CVE-2024-5178 and CVE-2024-5217) in ServiceNow that can be chained for full database access. https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- IPS
- Web App Security
- IOC
- Outbreak Detection
- Threat Hunting
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Attack Surface Hardening
- Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information supporting and relating to this outbreak and vendor.