Federal agencies have been urged by the Cybersecurity and Infrastructure Security Agency to remediate critical ServiceNow vulnerabilities, tracked as CVE-2024-4879 and CVE-2024-5217, by Aug. 19 amid ongoing attacks that have prompted the security issues' inclusion in the agency's Known Exploited Vulnerabilities catalog, according to The Record, a news site by cybersecurity firm Recorded Future.
Such advice from CISA follows several reports noting that between 13,000 and 42,000 ServiceNow systems may be compromised through the flaws, most of which were noted by Resecurity to be in the U.S., the UK, India, and the European Union. More than 6,000 sites, particularly those in the financial services industry, have also been subjected to attempted exploitation of the ServiceNow bugs, a report from Imperva revealed. Both flaws, along with the CVE-2024-5178 bug, could be leveraged by threat actors to hijack databases and steal data, said DoControl Vice President Guy Rosenthal. "The vulnerabilities also allowed a cybercriminal to read files, which means that the attacker could traverse a system and manipulate file paths and have a wide berth to go anywhere and access anything that they’d like to see or steal," Rosenthal added.
