High
CVE-2024-5217
Description
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Ratings
- Attacker Value: High
- Exploitability: High
Technical Analysis
CVE-2024-5217 is an unauthenticated vulnerability in the input validation checks for GlideExpression scripts that results in remote code execution. It is unclear, but I expect that the vulnerability allows an unauthenticated user to provide a GlideExpression script that contains malicious commands that bypass available sanitization and result in code execution on the server.
ServiceNow’s release versioning is non-canonical, so determining if your release is vulnerable is non-trivial. Patched versions are:
Utah
- Patch 10 Hot Fix 3
- Patch 10a Hot Fix 2
- Patch 10b Hot Fix 1
Vancouver
- Patch 6 Hot Fix 2
- Patch 7 Hot Fix 3b
- Patch 8 Hot Fix 4
- Patch 9 Hot Fix 1
- Patch 10
Washington
- Patch 1 Hot Fix 3b
- Patch 2 Hot Fix 2
- Patch 3 Hot Fix 2
- Patch 4
- Patch 5
These releases are similar to, but not the same as, CVE-2024-4879, another input validation vulnerability resulting in unauthenticated RCE. Several other less critical vulnerabilities with similar numbers have been released. CVE-2024-4879 and CVE-2024-5217 are the most critical in the batch release, and both have been reported as being exploited in the wild with low technical expertise required.
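The patched-version list above can be turned into a check for an instance's release string. This is an added example, not code from AttackerKB or ServiceNow; `FIXED`, `order` and `check` are names invented here. It assumes release strings are written like the list entries and that hot fixes on one patch line are cumulative and ordered by number, then letter.

```python
import re

# Fixed levels copied from the list above: family -> {patch line: minimum hot fix}.
# None means the patch itself is listed as fixed with no hot fix.
FIXED = {
    "utah": {"10": "3", "10a": "2", "10b": "1"},
    "vancouver": {"6": "2", "7": "3b", "8": "4", "9": "1", "10": None},
    "washington": {"1": "3b", "2": "2", "3": "2", "4": None, "5": None},
}

LEVEL = re.compile(
    r"^\s*(\w+)(?:\s+dc)?\s+patch\s+(\d+[a-z]?)(?:\s+hot\s*fix\s+(\d+[a-z]?))?\s*$",
    re.IGNORECASE,
)


def order(token):
    """Sort key for '3b' style tokens: number first, then letter suffix."""
    m = re.fullmatch(r"(\d+)([a-z]?)", token)
    return int(m.group(1)), m.group(2)


def check(level):
    """Classify e.g. 'Vancouver Patch 7 Hot Fix 3b' as fixed, vulnerable or unknown."""
    m = LEVEL.match(level)
    if not m or m.group(1).lower() not in FIXED:
        return "unknown"
    lines = FIXED[m.group(1).lower()]
    patch, hotfix = m.group(2).lower(), (m.group(3) or "").lower()
    if patch in lines:
        need = lines[patch]
        if need is None:
            return "fixed"
        # ASSUMPTION: hot fixes on one patch line are cumulative and ordered.
        return "fixed" if hotfix and order(hotfix) >= order(need) else "vulnerable"
    if not patch.isdigit():
        return "unknown"  # lettered patch line that the list does not mention
    listed = sorted(int(p) for p in lines if p.isdigit())
    if int(patch) < listed[0]:
        return "vulnerable"  # older than every patch line that received a fix
    # ASSUMPTION: a later patch is fixed only if the newest listed one needs no hot fix.
    if int(patch) > listed[-1] and lines[str(listed[-1])] is None:
        return "fixed"
    return "unknown"
```

Anything reported as `unknown` (an unlisted family, a lettered patch line not in the list, or a patch newer than a line that needed a hot fix) should be confirmed against the vendor advisory rather than assumed fixed.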
General Information
Vendors
- servicenow
Products
- servicenow utah
- servicenow vancouver
- servicenow washington dc