Jul 28, 2024, 06:19 AM
(This post was last modified: Jul 28, 2024, 06:24 AM by dealerseek.)
Recently, two critical Remote Code Execution (RCE) vulnerabilities have been identified in ServiceNow: CVE-2024-4879 and CVE-2024-5217. This post will guide you on how to leverage Nuclei to scan for these vulnerabilities.
Using Nuclei for CVE Scanning:
Nuclei is a powerful tool for security automation that enables rapid scanning and detection of vulnerabilities using customizable templates. Here's how you can use Nuclei to scan for the latest ServiceNow CVEs.
we will use this query server: ServiceNow "200" to hunt vulnerable assets
we can see here over 7K
![[Image: shodan.png]](https://i.ibb.co/87kLjnC/shodan.png)
![[Image: image.jpg]](https://i.ibb.co/NV6gBTy/image.jpg)
[/url]
Full YouTube Video
Nuclei plugins:
CVE-2024-4879
[url=https://github.com/projectdiscovery/nuclei-templates/issues/10270]https://github.com/projectdiscovery/nuclei-templates/issues/10270
CVE-2024-5217
https://github.com/projectdiscovery/nucl...-5217.yaml
Reference:
https://darkwebinformer.com/poc-released...ervicenow/
Using Nuclei for CVE Scanning:
Nuclei is a powerful tool for security automation that enables rapid scanning and detection of vulnerabilities using customizable templates. Here's how you can use Nuclei to scan for the latest ServiceNow CVEs.
we will use this query server: ServiceNow "200" to hunt vulnerable assets
we can see here over 7K
[/url]
Full YouTube Video
Nuclei plugins:
CVE-2024-4879
[url=https://github.com/projectdiscovery/nuclei-templates/issues/10270]https://github.com/projectdiscovery/nuclei-templates/issues/10270
CVE-2024-5217
https://github.com/projectdiscovery/nucl...-5217.yaml
Reference:
https://darkwebinformer.com/poc-released...ervicenow/