CVE CVE

CVE-2024-4978

CISA Known Exploited Vulnerability (KEV)

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

May 29, 2024

June 19, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

Weakness Enumeration

CWE-ID CWE Name

CWE-506
Embedded Malicious Code

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
8.4
Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS v2

Not defined