Attacker Value: Very High (1 user assessed)
Exploitability: Very High (1 user assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2024-4879

Disclosure Date: July 10, 2024
Exploited in the Wild
MITRE ATT&CK tactics and techniques
Execution
Techniques
Validation
Validated

Description

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Ratings
  • Attacker Value: Very High
  • Exploitability: Very High
Technical Analysis

CVE-2024-4879 is a Jelly Template injection vulnerability in ServiceNow resulting from incomplete input validation. ServiceNow’s release cycle is not numbered but named after states, with non-canonical minor versions, so determining vulnerability is somewhat more difficult.

Utah versions that are patched:
  • Patch 10 and Hot Fix 3
  • Patch 10a and Hot Fix 2

Vancouver versions that are patched:
  • Patch 6 Hotfix 2
  • Patch 7 Hotfix 3b
  • Patch 8 Hotfix 4
  • Patch 9
  • Patch 10

Washington releases that are patched:
  • Patch 1 Hotfix 2b
  • Patch 2 Hotfix 2
  • Patch 3 Hotfix 1
  • Patch 4

Jelly templates are configuration files used by the ServiceNow system; input validation for data into the file is insufficient, allowing an unauthenticated attacker to alter the Jelly Template file to gain code execution. This vulnerability was patched July 10, but as of this week, there are still reports of numerous internet-facing hosts vulnerable to this exploit, with other outlets claiming that the vulnerability is being actively exploited in the wild. It is additionally complicated by the near-simultaneous release of CVE-2024-5217, which has a similar vulnerability landscape but a different vulnerability path.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
https://www.imperva.com/blog/imperva-customers-protected-against-critical-servicenow-vulnerability/
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
https://www.linkedin.com/pulse/cve-2024-4879-cve-2024-5217-exposed-risks-rce-servicenow-nfmtc
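
Because the releases are named rather than numbered, inventory triage needs a comparison that understands patch and hotfix labels. The following is an added example, not part of the assessment above or ServiceNow's own tooling: it checks release labels against the fixed builds listed in the assessment. The label format, the instance names, and the ordering rules (a later hotfix on the same patch, or a patch newer than the newest listed one, keeps the fix) are assumptions.

```python
import re

# Fixed builds transcribed from the list above: family -> [(patch, hotfix)].
# hotfix None means the patch itself is listed as fixed.
FIXED = {
    "utah": [("10", "3"), ("10a", "2")],
    "vancouver": [("6", "2"), ("7", "3b"), ("8", "4"), ("9", None), ("10", None)],
    "washington": [("1", "2b"), ("2", "2"), ("3", "1"), ("4", None)],
}
# Assumed label format, e.g. "Washington DC Patch 1 Hotfix 2b".
LABEL = re.compile(
    r"\s*(utah|vancouver|washington)(?:\s*dc)?\s+patch\s*(\d+[a-z]?)"
    r"(?:\s+hot\s*fix\s*(\d+[a-z]?))?\s*", re.IGNORECASE)

def _key(token):
    """Sort key so that None < '3' < '3b' < '4'."""
    if token is None:
        return (0, "")
    m = re.fullmatch(r"(\d+)([a-z]?)", token)
    return (int(m.group(1)), m.group(2))

def confirmed_patched(label):
    """True only if the label is at or above a fixed build listed above."""
    m = LABEL.fullmatch(label)
    if m is None:
        raise ValueError(f"unrecognised release label: {label!r}")
    family, patch, hotfix = (g.lower() if g else None for g in m.groups())
    for fixed_patch, fixed_hotfix in FIXED[family]:
        if fixed_patch == patch:
            # Assumption: a later hotfix on the same patch keeps the fix.
            return _key(hotfix) >= _key(fixed_hotfix)
    # Assumption: patches newer than the newest listed one keep the fix;
    # anything else is not confirmed by the list and needs review.
    return _key(patch) > max(_key(p) for p, _ in FIXED[family])

def needs_review(inventory):
    """Return (instance, label) pairs that are not confirmed patched."""
    return [(name, label) for name, label in inventory
            if not confirmed_patched(label)]

# Constructed sample inventory (hypothetical instance names).
SAMPLE = [
    ("itsm-prod", "Vancouver Patch 7 Hotfix 3b"),
    ("itsm-dev", "Vancouver Patch 7 Hotfix 3"),
    ("hr-prod", "Washington DC Patch 4"),
    ("legacy", "Utah Patch 10a Hot Fix 1"),
]

if __name__ == "__main__":
    print(needs_review(SAMPLE))
```

A `False` result means the build is not confirmed by the list, so it should be checked against the vendor advisory rather than assumed vulnerable.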

CVSS V3 Severity and Metrics
Base Score: 9.8 Critical
Impact Score: 5.9
Exploitability Score: 3.9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • servicenow

Products

  • servicenow utah
  • servicenow vancouver
  • servicenow washington dc
