CVE-2024-4879

Analysis and mitigation of the Utah, Vancouver, and Washington DC Now Platform vulnerability — CRITICAL (CVSS 9.8)

High-profile threat

Overview

ServiceNow Vancouver and Washington DC Now Platform releases contain a critical remote code execution vulnerability caused by input validation issues. This vulnerability allows unauthenticated attackers to execute arbitrary code, making it highly exploitable in production environments. The vulnerability was disclosed on July 10, 2024. CISA has identified CVE-2024-4879 as exploited, but it is not currently known to be used in ransomware campaigns.

Technical details

ServiceNow's Vancouver and Washington DC Now Platform releases contain a critical remote code execution vulnerability stemming from inadequate input validation. The vulnerability allows unauthenticated attackers to bypass security controls and execute arbitrary code on affected systems. The flaw exists in a component that processes user-supplied input without sufficient validation or sanitization, enabling direct code injection attacks.

The vulnerability is classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')) and CWE-20 (Improper Input Validation).

The vulnerability received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating its critical nature.

Impact

Successful exploitation allows unauthenticated attackers to achieve complete system compromise. An attacker can execute arbitrary code with the privileges of the ServiceNow application, potentially leading to: full system takeover, unauthorized access to sensitive data stored in the instance, modification or deletion of critical business data, lateral movement to connected systems, and installation of persistent backdoors for continued access. Given ServiceNow's use in enterprise environments for IT Service Management (ITSM), HR, and other critical functions, exploitation could have severe business impact.

Mitigation and workarounds

ServiceNow has released emergency security patches for both Vancouver and Washington DC releases. Organizations should immediately apply these patches through ServiceNow's update management system. Instructions are available on ServiceNow's security advisory page. The following versions include the necessary fixes: Vancouver patch released April 16, 2024; Washington DC patch released April 16, 2024; latest stable releases with security patches.

As temporary workarounds: implement network-level access controls to restrict direct internet access to ServiceNow instances; use web application firewalls (WAF) with rules to detect and block code injection attempts; disable or restrict access to unnecessary APIs and endpoints until patches can be applied; review and tighten authentication requirements for all exposed endpoints; implement strict input validation rules at the WAF/reverse proxy level to filter potentially malicious payloads; and monitor for suspicious activity and implement detection signatures based on ServiceNow's IoC recommendations.

CISA recommendation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Source: This report was generated by AI

Related ServiceNow vulnerabilities

No related vulnerabilities with identified affected products.