Cyber Resilience

CVE-2024-5217

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 10 July 2024
Modified: 03 November 2025
KEV Added: 29 July 2024
Patch
CVSS Score (v4): 9.2 (vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.9411 (99.9th percentile)
Risk Priority: 95 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-5217 is a critical-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in the ServiceNow Now Platform (CPE vendor/product: servicenow/servicenow). Its CVSS v4 base score is 9.2 (Critical).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS 99.9th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

ServiceNow addressed an input validation vulnerability present in its Now Platform releases Washington DC, Vancouver, and earlier. The flaw, tracked as CVE-2024-5217, permits remote code execution in the context of the platform and carries a CVSS 4.0 score of 9.2.

An unauthenticated attacker with network access can supply crafted input to trigger arbitrary code execution without user interaction or elevated privileges. The associated CWEs (184 and 697) point to failures in input validation and equivalence checks that allow the malicious payload to reach execution.

ServiceNow’s June 2024 security patches and hot fixes resolve the issue; the vendor’s KB articles KB1644293 and KB1648313 list the specific fixed builds and urge customers to apply the relevant updates immediately. Public references also note active exploitation attempts against unpatched instances.

EPSS scores remain elevated, with a current value of 0.9411 and a recorded peak of 0.9616, indicating sustained exploitation interest since disclosure.

EU & UK References

Vulnerability details

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

CWE(s)
KEV Date Added: 29 July 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: servicenow
Product: servicenow
Versions: utah, vancouver, washington_dc

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation of inputs to block the malformed data that enables unauthenticated RCE in the Now Platform.

SI-2 Flaw Remediation (prevent): Mandates prompt application of the June 2024 patches/hotfixes that remediate CVE-2024-5217 before exploitation occurs.

SC-7 Boundary Protection (prevent): Boundary-protection mechanisms can restrict network-reachable access to the vulnerable ServiceNow instance, limiting the unauthenticated attack surface.

References