- ServiceNow fixed three flaws in July 2024, but researchers from GreyNoise saw a resurgence of abuse
- The flaws can be chained for full database access
- Users must patch immediately to make sure they are protected
There has been a “remarkable resurgence” in the abuse of three ServiceNow security vulnerabilities, experts warn.
In May 2024, security researchers from Assetnote found the vulnerabilities, tracked as CVE-2024-4879, CVE-2024-5178 and CVE-2024-5217, which ServiceNow patched in July of that year.
However, it seems that many organizations did not get the memo, as their instances remained unpatched and have now become a target, according to researchers from GreyNoise.
Chaining the flaws
The researchers found a significant uptick in attacks abusing these flaws, and although they could not attribute the attacks to any known threat actors, they noted that almost three-quarters (70%) of the attacks targeted Israeli companies. Notable activity was also observed in Germany, Japan and Lithuania.
The vulnerabilities can be abused separately, but when they are chained they provide “full database access,” added GreyNoise, which puts vulnerable organizations at huge risk as ServiceNow is used to handle sensitive employee information.
The attackers inject a payload that checks for a specific result in the server response. If it receives the expected result, it delivers a second-stage payload that checks the contents of the database.
The last step is to dump user lists and account information. While most of the time the credentials are hashed, there are some cases where credentials were dumped in plaintext.
This can lead to account compromise, which in turn can have devastating consequences, such as ransomware attacks.
ServiceNow is a cloud-based platform that delivers enterprise IT service management (ITSM) and automation solutions.
It helps organizations streamline workflows, automate business processes and improve efficiency across IT, HR, customer service, security and other departments.
ServiceNow has nearly 300,000 Internet-exposed instances, making it quite a popular solution.
Some of its clients include Coca-Cola (using it to streamline IT service administration), Dell (IT service automation and management), Deloitte (IT service automation and optimization) and the State of California (state government IT services and operations).
Via TechCrunch