CVE-2024-8923

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 29, 2024 / Updated: 21d ago

010
CVSS 9.3EPSS 0.04%Critical
CVE info copied to clipboard

Summary

An input validation vulnerability has been identified in the ServiceNow Now Platform. This vulnerability allows an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability requires no user interaction and can be exploited over the network without any privileges, making it particularly dangerous.

Impact

This vulnerability is extremely severe, with a CVSS v3.1 base score of 9.8 (Critical) and a CVSS v4.0 base score of 9.3 (Critical). The impact is high across all three primary security objectives: 1. Confidentiality: High impact, potentially allowing unauthorized access to sensitive information. 2. Integrity: High impact, possibly enabling attackers to modify or manipulate data within the Now Platform. 3. Availability: High impact, potentially disrupting services or causing system downtime. Given its critical severity and ease of exploitation, this vulnerability should be prioritized for immediate patching. Attacks exploiting this vulnerability could result in unauthorized access to sensitive data, manipulation of system information, and potential service disruptions or system downtime.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

ServiceNow has addressed this vulnerability by deploying updates to hosted instances and providing updates to partners and self-hosted customers. Patches and hot fixes are available to address this issue. For hosted instances, ServiceNow has already deployed the update. Self-hosted customers and partners should promptly apply the provided update.

Mitigation

1. Apply the patches or hot fixes provided by ServiceNow immediately. 2. For hosted instances, ensure that the update deployed by ServiceNow has been applied. 3. Self-hosted customers and partners should promptly apply the provided update. 4. Implement network segmentation and access controls to limit exposure of the Now Platform to untrusted networks. 5. Monitor systems for any signs of unauthorized access or unusual activity. 6. Perform a thorough security assessment to identify any potential compromise that may have occurred before patching.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-8923

Oct 29, 2024 at 4:15 PM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 29, 2024 at 4:21 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-8923. See article

Oct 29, 2024 at 4:23 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 29, 2024 at 4:23 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 30, 2024 at 10:18 AM
Threat Intelligence Report

CVE-2024-8923 is a critical vulnerability in the ServiceNow Now Platform, classified as a Sandbox Escape with a CVSS score of 9.8, allowing unauthenticated users to perform Remote Code Execution due to an input validation error. As of now, there are no reports of exploitation in the wild or associated Advanced Persistent Threat (APT) groups, but organizations are urged to apply the patches released in August and October 2024 to mitigate risks. Additionally, implementing further security measures such as network segmentation and continuous monitoring is recommended to enhance protection against potential future exploitation. See article

Nov 3, 2024 at 6:33 AM
Static CVE Timeline Graph

Affected Systems

Servicenow/servicenow
+null more

Patches

support.servicenow.com
+null more

Attack Patterns

CAPEC-242: Code Injection
+null more

References

CVE-2024-8923 - Sandbox Escape in Now Platform - Security
We use cookies on this site to improve your browsing experience, analyze individualized usage and website traffic, tailor content to your preferences, and make your interactions with our website more meaningful. To learn more about the cookies we use and how you can change your preferences, please read our Cookie Policy and visit our Cookie Preference Manager . By clicking “Accept and Proceed,” closing this banner or continuing to browse this site, you consent to the use of cookies.
Critical Sandbox Escape Vulnerability in ServiceNow Now Platform: CVE-2024-8923 Analysis
However, given the critical nature of the flaw and the widespread use of the ServiceNow platform, it is imperative for organizations to remain vigilant and apply patches promptly to mitigate potential risks. Organizations using the ServiceNow Now Platform are strongly advised to apply the available patches immediately to mitigate the risk of exploitation.

News

Critical Sandbox Escape Vulnerability in ServiceNow Now Platform: CVE-2024-8923 Analysis
However, given the critical nature of the flaw and the widespread use of the ServiceNow platform, it is imperative for organizations to remain vigilant and apply patches promptly to mitigate potential risks. Organizations using the ServiceNow Now Platform are strongly advised to apply the available patches immediately to mitigate the risk of exploitation.
Cyber Daily 11/1: MFA Vulnerability Exposes Credit Card Data, Sri Lanka CERT Warns of ...
Welcome to the November 1st issue of ONSEC Cyber Daily, your one-stop source for the latest in cybersecurity news. Stay tuned for our podcast section where we'll highlight discussions on cybersecurity platforms, compliance nightmares, space security issues, and practical cybersecurity resources for MSPs. Don't miss out on this comprehensive coverage of today's most pressing cybersecurity issues.
ServiceNow fixes vulnerabilities in Now Platform
ServiceNow has recently addressed two critical vulnerabilities in its Now Platform that pose significant security risks to organizations. This flaw enables unauthenticated attackers to execute remote code within the platform's context, potentially granting them full control over the system, exposing sensitive data, and compromising platform integrity.
cveNotify : 🚨 CVE-2024-8923ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.🎖@cveNotify
cveNotify : 🚨 CVE-2024-8923ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.🎖@cveNotify
ServiceNow's Now Platform has encountered two critical vulnerabilities (CVE-2024-8923 and CVE-2024-8924) that pose serious risks to organizations by potentially allowing unauthorized access and exposing sensitive data. https:// socradar.io/servicenow-now-pla tform-vulnerabilities-cve-2024-8923/
See 23 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI