- ServiceNow fixed three flaws in May 2024, but GreyNoise researchers have seen a resurgence of abuse
- The flaws can be chained for full access to the database
- Users must patch immediately to make sure they are protected
There has been a "remarkable resurgence" in the abuse of three related ServiceNow security vulnerabilities, experts warn.
In May 2024, Assetnote security researchers found vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178 and CVE-2024-5217, which ServiceNow patched the same day.
However, it seems that many organizations did not get the memo (which went out in July of the same year, when the CVEs were published as part of a coordinated disclosure with Assetnote), since their instances remained unpatched and have now become a target, according to GreyNoise researchers.
Chaining the flaws
The researchers found that there has been a significant increase in attacks abusing these flaws, and although they could not attribute the attacks to any known threat actor, they did note that almost three quarters (70%) of the attacks targeted Israeli companies. Notable activity was also seen in Germany, Japan and Lithuania.
The vulnerabilities can be abused separately, but when chained they grant "full access to the database," GreyNoise added, which puts vulnerable organizations at immense risk, since ServiceNow is used to handle confidential employee information.
The attackers inject a payload that checks for a specific result in the server response. If they get the expected one, they deploy a second-stage payload that checks the contents of the database.
The final step is to dump user lists and account credentials. While most of the time the credentials are hashed, there are some cases in which the credentials were dumped in plain text.
That can lead to account compromise which, in turn, can have devastating consequences, such as ransomware attacks.
ServiceNow is a cloud-based platform that provides IT service management (ITSM) and automation solutions.
It helps organizations streamline workflows, automate business processes and improve efficiency across IT, HR, customer service, security and other departments.
ServiceNow has almost 300,000 instances exposed to the Internet, so it is a fairly popular solution.
Some of its customers include Coca-Cola (which uses it to streamline IT service management), Dell (automation and IT service management), Deloitte (automation and optimization of IT services) and the State of California (statewide IT services and operations management).
Via TechCrunch