CVE-2024-4879
Published: 10 July 2024
Summary
CVE-2024-4879 is a critical-severity Improper Validation of Specified Type of Input (CWE-1287) vulnerability in Servicenow Servicenow. Its CVSS base score is 9.3 (Critical).
Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
ServiceNow addressed an input validation vulnerability affecting the Vancouver and Washington DC releases of its Now Platform. The flaw is tracked as CVE-2024-4879 and carries a CVSS 4.0 score of 9.3, reflecting its potential for remote code execution.
An unauthenticated attacker can exploit the weakness over the network to execute arbitrary code within the Now Platform context, without requiring user interaction or elevated privileges. The vulnerability is assigned CWE-1287 and related NVD entries.
ServiceNow has applied fixes to hosted instances and released corresponding patches and hot fixes for self-hosted customers and partners. The vendor strongly recommends immediate application of the updates referenced in KB1644293 and KB1645154.
Public reporting indicates the issues are under active exploitation, and the CVE maintains a high EPSS score with a recorded peak of 0.9656.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-44451
Vulnerability details
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update…
more
to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
- CWE(s)
- KEV Date Added
- 29 July 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all input to the Now Platform, eliminating the CWE-1287 flaw that permits unauthenticated RCE.
Mandates prompt application of the vendor patches/hotfixes that close the remote code execution vulnerability on unpatched instances.
Boundary protection mechanisms can restrict or inspect network traffic to the platform, limiting exposure of the unauthenticated input vector.