CVE-2024-4978

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
Configurations

Configuration 1 (hide)

cpe:2.3:a:javs:javs_viewer:8.3.7.250:*:*:*:*:*:*:*

History

21 Nov 2024, 09:43

Type Values Removed Values Added
References () https://twitter.com/2RunJack2/status/1775052981966377148 - Press/Media Coverage, Third Party Advisory () https://twitter.com/2RunJack2/status/1775052981966377148 - Press/Media Coverage, Third Party Advisory
References () https://www.javs.com/downloads/ - Vendor Advisory () https://www.javs.com/downloads/ - Vendor Advisory
References () https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ - Exploit, Third Party Advisory () https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ - Exploit, Third Party Advisory

31 May 2024, 16:03

Type Values Removed Values Added
References () https://twitter.com/2RunJack2/status/1775052981966377148 - () https://twitter.com/2RunJack2/status/1775052981966377148 - Press/Media Coverage, Third Party Advisory
References () https://www.javs.com/downloads/ - () https://www.javs.com/downloads/ - Vendor Advisory
References () https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ - () https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:javs:javs_viewer:8.3.7.250:*:*:*:*:*:*:*
CWE NVD-CWE-Other
First Time Javs
Javs javs Viewer

29 May 2024, 18:15

Type Values Removed Values Added
References
  • () https://www.javs.com/downloads/ -
  • () https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ -

24 May 2024, 14:15

Type Values Removed Values Added
Summary
  • (es) Justice AV Solutions Viewer Setup 8.3.7.250-1 contiene un binario malicioso cuando se ejecuta y está firmado con una firma de código de autenticación inesperada. Un actor de amenazas remoto y privilegiado puede aprovechar esta vulnerabilidad para ejecutar comandos de PowerShell no autorizados.
CWE CWE-502 CWE-506

23 May 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-23 02:15

Updated : 2024-11-21 09:43


NVD link : CVE-2024-4978

Mitre link : CVE-2024-4978

CVE.ORG link : CVE-2024-4978


JSON object : View

Products Affected

javs

  • javs_viewer
CWE
CWE-506

Embedded Malicious Code

NVD-CWE-Other