Vulnerabilities > CVE-2024-4978 - Unspecified vulnerability in Javs Viewer 8.3.7.250

CVSS 8.4 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

javs

NVD

Published: 2024-05-23

Updated: 2024-05-31

Summary

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

Vulnerable Configurations

Part	Description	Count
Application	Javs Javs Javs Viewer 8.3.7.250	1

References

https://twitter.com/2RunJack2/status/1775052981966377148
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
https://www.javs.com/downloads/

Summary

Vulnerable Configurations

Related news

References