WARNING: CRITICAL VULNERABILITY IN SERVICENOW COULD LEAD TO REMOTE CODE EXECUTION
CVE-2024-8923
CVSS 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Sources
Risks
On 29 October 2024, ServiceNow published an advisory addressing a critical vulnerability in the Now Platform. An unauthenticated user could exploit this vulnerability to execute code remotely.
ServiceNow’s Now Platform is a popular platform, widely used across the globe. Customers of ServiceNow may choose ServiceNow’s cloud offering, which makes these instances attractive targets as they may host sensitive data and are externally accessible.
There is no information as to active exploitation at this time (cut-off date: 30 October 2024).
Exploitation of this vulnerability can have a high impact on confidentiality, integrity and availability.
Description
CVE-2024-8923 is an input validation vulnerability present in the Now Platform releases prior to Xanadu General Availability. Successful exploitation of this vulnerability would enable an unauthenticated user to remotely execute code within the context of the Now Platform.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
ServiceNow urges customers to implement the newest version as soon as possible. Patches have been released since August 2024 for the following versions:
- For release Xanadu: the fixed version can be found in the Xanada GA Release
- For release Washington DC: the fixed versions can be found in Washington DC Patch 4 Hot Fix 1a and Washington DC Patch 5
- For release Vancouver: the fixed versions can be found in Vancouver Patch 9 Hot Fix 2a and Vancouver Patch 10
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.