A critical remote code execution (RCE) vulnerability in the ServiceNow Now Platform, identified as CVE-2024-4879, is actively being exploited in the wild. This vulnerability, which affects the Vancouver and Washington DC releases of the platform, has been assigned a CVSS score of 9.8, indicating its severe potential impact. The flaw, stemming from improper input validation, allows unauthenticated attackers to execute arbitrary code remotely within the context of the affected ServiceNow instances.
The vulnerability was publicly disclosed on July 10, 2024, and has since been added to the Known Exploited Vulnerabilities (KEV) catalog as of July 29, 2024. It has a high Exploit Prediction Scoring System (EPSS) score of 0.943, reflecting the likelihood of exploitation. The time to exploitation in the wild was notably swift, occurring just 18.3 days post-disclosure.
ServiceNow has responded by applying updates to its hosted instances to mitigate this threat. However, organizations using on-premise versions of the affected releases must ensure they apply the necessary patches to protect their environments. Nine proof-of-concept (PoC) exploits have been made available, increasing the risk of widespread exploitation.
Security teams are urged to prioritize patching this vulnerability due to its critical nature and active exploitation status. The Stakeholder-Specific Vulnerability Categorization (SSVC) recommends immediate action to mitigate potential risks. Organizations should verify that their ServiceNow instances are updated and monitor for any signs of compromise.
CSURFACE