CVE-2024-5217

CRITICAL KEV NUCLEI

ServiceNow Washington DC and Vancouver - Unauthenticated Remote Code Execution

Title source: manual

Exploitation Summary

CVE-2024-5217 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 29, 2024. EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains Nuclei templates for detecting CVE-2024-4879 and CVE-2024-5217 in ServiceNow instances. These templates check for template injection vulnerabilities by injecting payloads and verifying responses, but do not include functional exploit code for achieving RCE.

Description

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Exploits (1)

vulncheck_xdb SCANNER

remote

https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning

View Code ZIP pw:eip

The repository contains Nuclei templates for detecting CVE-2024-4879 and CVE-2024-5217 in ServiceNow instances. These templates check for template injection vulnerabilities by injecting payloads and verifying responses, but do not include functional exploit code for achieving RCE.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ServiceNow (Washington DC, Vancouver, and earlier releases)

No auth needed

Prerequisites: access to the target ServiceNow instance

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 25, 2026 Full analysis →

Nuclei Templates (1)

ServiceNow - Incomplete Input Validation

CRITICALVERIFIEDby DhiyaneshDk,ritikchaddha

Shodan: http.favicon.hash:"1701804003" || http.title:"servicenow"

FOFA: icon_hash=1701804003 || title="servicenow"

References (4)

Core 4

Core References

Vendor Advisory

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313

Press/Media Coverage

https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217

Permissions Required x_login-required

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293

Scores

CVSS v3 9.8

EPSS 0.9411

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2024-07-29

VulnCheck KEV 2024-07-20

InTheWild.io 2024-07-29

ENISA EUVD EUVD-2024-46457

CWE

CWE-184 CWE-697

Status published

Products (2)

servicenow/servicenow utah (47 CPE variants)

servicenow/servicenow vancouver (3 CPE variants)

Published Jul 10, 2024

KEV Added Jul 29, 2024

Tracked Since Feb 18, 2026