- ServiceNow fixed three flaws in May 2024, but GreyNoise researchers now see them being actively exploited
- Chained together, the flaws grant full access to the instance's database
- Users should patch immediately to make sure they are protected
There has been a “notable resurgence” in the exploitation of three ServiceNow security vulnerabilities, experts warn.
In May 2024, Assetnote security researchers found three vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178 and CVE-2024-5217, which were fixed at the time.
However, many organizations seem to have missed the memo (the advisory was published in July of that year, when the CVEs were released as part of a coordinated disclosure with Assetnote): their instances have remained unpatched and have now become a target, according to GreyNoise researchers.
Chaining the bugs
The researchers observed a significant increase in attacks exploiting these flaws. Although they could not attribute the attacks to any known threat actor, they noted that 70% of the attacks targeted Israeli companies, with notable activity also observed in Germany, Japan and Lithuania.
The vulnerabilities can be exploited individually, but chained together they grant “full database access”, GreyNoise added, which exposes organizations to enormous risk because ServiceNow is used to manage sensitive employee data.
Attackers first inject a probe payload and check the server’s response for a specific result. If the expected result comes back, they deploy a second-stage payload that inspects the contents of the database.
The final step dumps user lists and account credentials. Although the credentials are hashed most of the time, there are cases where they were dumped in cleartext.
This can lead to account compromise which, in turn, can have devastating consequences, such as ransomware attacks.
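The staged probe-then-dump behaviour described above leaves a recognisable trail in web-server access logs. The following Python script is an added example, not code from the article, GreyNoise or Assetnote: it scans constructed access-log lines, percent-decodes every query parameter (including double-encoded values used to evade naive filters), flags Jelly/Glide template tags, and groups hits per source address so that a probe followed by a second stage from the same client stands out. The article does not name the injection point; the sample lines use the `jvar_page_title` parameter of `login.do` as described in Assetnote's public disclosure of CVE-2024-4879, but the detector keys on the tag content in any parameter and does not depend on that name. All log lines and payload markers are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
# 203.0.113.7 sends a probe and then a second stage; 192.0.2.44 sends one
# double-encoded probe; 198.51.100.23 is benign.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj%3Ajelly%20xmlns%3Aj%3D%22jelly%3Acore%22%20xmlns%3Ag%3D%27glide%27%3E%3Cg%3Aevaluate%3EPROBE%3C%2Fg%3Aevaluate%3E%3C%2Fj%3Ajelly%3E%3C%2Fstyle%3E HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2025:10:00:04 +0000] "GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj%3Ajelly%20xmlns%3Aj%3D%22jelly%3Acore%22%20xmlns%3Ag%3D%27glide%27%3E%3Cg%3Aevaluate%3ESTAGE2%3C%2Fg%3Aevaluate%3E%3C%2Fj%3Ajelly%3E%3C%2Fstyle%3E HTTP/1.1" 200 9812
192.0.2.44 - - [01/Jan/2025:10:00:07 +0000] "GET /login.do?jvar_page_title=%253Cj%253Ajelly%2520xmlns%253Aj%253D%2522jelly%253Acore%2522%253E%253Cg%253Aevaluate%253EPROBE%253C%252Fg%253Aevaluate%253E%253C%252Fj%253Ajelly%253E HTTP/1.1" 200 5120
198.51.100.23 - - [01/Jan/2025:10:00:09 +0000] "GET /login.do?jvar_page_title=Welcome HTTP/1.1" 200 4096
198.51.100.23 - - [01/Jan/2025:10:00:15 +0000] "POST /api/now/table/incident HTTP/1.1" 201 512
"""

# Combined log format: client, identity, user, [timestamp], "METHOD target proto", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Jelly core tags use the j: namespace and Glide tags the g: namespace; neither
# belongs in a legitimate page-title parameter.
JELLY_TAG_RE = re.compile(r'<\s*(?:j|g):[A-Za-z]+', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (parse_qsl already removed one layer)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_jelly_injection(line):
    """Return a hit dict if any query parameter carries a Jelly/Glide tag, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        tag = JELLY_TAG_RE.search(value)
        if tag:
            return {
                "ip": m["ip"],
                "ts": m["ts"],
                "path": parts.path,
                "param": name,
                "tag": tag.group(0),
                "status": int(m["status"]),
            }
    return None


def scan(log_text):
    """Group all injection hits by source address, preserving log order."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        hit = find_jelly_injection(line)
        if hit:
            by_ip[hit["ip"]].append(hit)
    return dict(by_ip)


def triage(by_ip):
    """A source that comes back with a second tagged request behaved like the
    staged chain (probe, then follow-up once the probe response was useful).
    A 200 status alone is not a success signal: login.do answers 200 regardless."""
    return {
        ip: "staged: probe followed by second stage" if len(hits) > 1 else "single probe"
        for ip, hits in by_ip.items()
    }


if __name__ == "__main__":
    report = scan(SAMPLE_LOG)
    for ip, verdict in triage(report).items():
        print(f"{ip}: {verdict}")
        for hit in report[ip]:
            print(f"  {hit['ts']} {hit['path']} param={hit['param']} tag={hit['tag']}")
```

Run it against real access logs by replacing `SAMPLE_LOG` with the file contents; sources tagged as staged warrant a check of the instance's user table for unexpected reads and a credential reset if the instance was unpatched at the time.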
ServiceNow is a cloud-based platform that provides IT service management (ITSM) and workflow automation solutions for businesses.
It helps organizations streamline workflows, automate business processes and improve efficiency across IT, HR, customer service, security and other departments.
ServiceNow has nearly 300,000 instances exposed to the Internet, making it a fairly popular solution.
Some of its customers include Coca-Cola (IT service management), Dell (IT services and automation), Deloitte (IT automation and optimization) and the State of California (IT service management and IT operations).
Via TechCrunch