FlagThis

Attackers are intensifying their efforts to exploit old ServiceNow vulnerabilities, specifically CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, which were patched last year. GreyNoise, a threat intelligence firm, has observed a resurgence of in-the-wild activity targeting these flaws, putting unpatched company instances at risk. These vulnerabilities can potentially lead to unauthorized access to sensitive data, remote code execution, and full database compromise, even by unauthenticated actors.

The attacks have predominantly targeted systems in Israel, accounting for over 70% of recent malicious activity. However, organizations in Lithuania, Japan, and Germany have also been affected. Security experts urge organizations to apply the necessary patches to protect their ServiceNow platforms and mitigate the risk of exploitation. These vulnerabilities were initially discovered by Assetnote in May 2024, and ServiceNow promptly released patches, but a failure to apply these updates has left some systems vulnerable.

ImgSrc: files.cyberrisk

References :

• hackread.com: New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
• Carly Page: Hackers are ramping up attempts to exploit a trio of year-old ServiceNow vulnerabilities to break into unpatched company instances
• www.itpro.com: Old ServiceNow vulnerabilities could cause havoc for unpatched customers
• www.scworld.com: Attacks involving ServiceNow vulnerabilities escalate
• Rescana: ServiceNow Vulnerabilities: Critical Exploits Impacting Israel and Global Systems

Classification:

• HashTags: #Vulnerability #ServiceNow #Attack
• Company: Microsoft
• Target: ServiceNow Customers
• Product: ServiceNow
• Feature: Privilege Escalation
• Type: Vulnerability
• Severity: Medium