CVE-2024-5178 is a severe vulnerability that impacts the ServiceNow Washington DC, Vancouver, and Utah Now Platform releases. The vulnerability could potentially allow an administrative user to gain unauthorized access to sensitive files on the web application server. ServiceNow has addressed this sensitive file read vulnerability by releasing patches and hotfixes during the June 2024 patching cycle. It is highly recommended for users to apply these security patches to their affected instances as soon as possible.

In this post, we will provide information about the vulnerability, along with code snippets, links to original references, and exploit details.

Vulnerability Details

This sensitive file read vulnerability arises from an improper input validation in the ServiceNow Now Platform releases. As a result, an administrative user with sufficient knowledge could craft a malicious request to the file handler's API, resulting in the disclosure of sensitive files on the web application server.

Exploit Scenario

A potential exploitation of this vulnerability can occur when an attacker, who is an administrative user, sends a malicious HTTP GET request to the affected system. These requests could be manipulated in a way that allows the attacker to access sensitive files.

For example, consider this simple HTTP GET request

GET /api/filehandle?action=readfile&file=../../../etc/passwd HTTP/1.1
Host: vulnerable-service.example.com
User-Agent: Mozilla/5. 
Accept: */*

An attacker could replace the file parameter with the path of a sensitive file, such as

GET /api/filehandle?action=readfile&file=/confidential/data/important-file.txt HTTP/1.1
Host: vulnerable-service.example.com
User-Agent: Mozilla/5. 
Accept: */*

By sending such requests, the attacker may gain access to sensitive files on the system, leading to a potential security breach.

Patches and Hotfixes

ServiceNow has released patches and hotfixes to address this critical vulnerability. Users should download and apply these patches as soon as possible to ensure the security of their systems.

Users with affected Now Platform instances should consult the following pages for relevant patches

- Washington DC: Link to Washington DC Patch
- Vancouver: Link to Vancouver Patch
- Utah: Link to Utah Patch

Conclusion

CVE-2024-5178 is a critical sensitive file read vulnerability that impacts the ServiceNow Washington DC, Vancouver, and Utah Now Platform releases. Thankfully, ServiceNow has released patches and hotfixes to address this security issue. Users are strongly advised to apply the necessary patches to their affected instances and monitor the system for any suspicious activities that might indicate a potential exploitation of this vulnerability. By keeping systems up-to-date and regularly applying security patches, users can minimize the risk of unauthorized access and protect their sensitive data from potential security breaches.

Timeline

Published on: 07/10/2024 17:15:12 UTC
Last modified on: 07/11/2024 22:15:02 UTC