Searchlight Cyber is used by security professionals and leading investigators to surface criminal activity and protect businesses. Book your demo to find out how Searchlight can:
August 8, 2024
A Deep Dive into Three ServiceNow Vulnerabilities
A Deep Dive into Three ServiceNow Vulnerabilities
overview
Over the last decade, ServiceNow has been deployed readily across enterprises. With its growing popularity, combined with the lack of visibility organizations have on its security posture, at Assetnote, we worked hard to discover ServiceNow vulnerabilities.
Assetnote Security Researcher, Adam Kues, spent over a month finding an exploit chain and was credited with CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. At the time of discovery, these vulnerabilities affected an estimated 42,000+ ServiceNow instances globally.
The exploit chain would allow attackers to do the following on any ServiceNow instance without authentication (versions Vancouver and Washington):
1) Execute arbitrary Glide scripting language code
2) Executing arbitrary commands on any connected MID servers
3) Reading local system files
We released a vulnerability check through the Assetnote platform to identify vulnerable customer instances. Customers were provided a mitigation, long before any official patches were deployed.
We reported this issue on May 14th, 2024. ServiceNow responded incredibly quickly and applied the update to all customers (excellent work!). We had the chance to work closely with their team to address these vulnerabilities, and they continued to roll out patches to secure customer instances.
Read the full research blog on the Assetnote site here.
Book your demo: Identify cyber threats earlier– before they impact your business
Enhance your security with advanced automated dark web monitoring and investigation tools
Continuously monitor for threats, including ransomware groups targeting your organization
Prevent costly cyber incidents and meet cybersecurity compliance requirements and regulations