Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
References
Link | Resource |
---|---|
https://twitter.com/2RunJack2/status/1775052981966377148 | Press/Media Coverage Third Party Advisory |
https://www.javs.com/downloads/ | Vendor Advisory |
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ | Exploit Third Party Advisory |
https://twitter.com/2RunJack2/status/1775052981966377148 | Press/Media Coverage Third Party Advisory |
https://www.javs.com/downloads/ | Vendor Advisory |
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 09:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://twitter.com/2RunJack2/status/1775052981966377148 - Press/Media Coverage, Third Party Advisory | |
References | () https://www.javs.com/downloads/ - Vendor Advisory | |
References | () https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ - Exploit, Third Party Advisory |
31 May 2024, 16:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://twitter.com/2RunJack2/status/1775052981966377148 - Press/Media Coverage, Third Party Advisory | |
References | () https://www.javs.com/downloads/ - Vendor Advisory | |
References | () https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:javs:javs_viewer:8.3.7.250:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other | |
First Time |
Javs
Javs javs Viewer |
29 May 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 May 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-506 |
23 May 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-23 02:15
Updated : 2024-11-21 09:43
NVD link : CVE-2024-4978
Mitre link : CVE-2024-4978
CVE.ORG link : CVE-2024-4978
JSON object : View
Products Affected
javs
- javs_viewer
CWE