CVE-2024-4978

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

Severity Score

8.7

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

Justice AV Solutions Viewer Setup 8.3.7.250-1 contiene un binario malicioso cuando se ejecuta y está firmado con una firma de código de autenticación inesperada. Un actor de amenazas remoto y privilegiado puede aprovechar esta vulnerabilidad para ejecutar comandos de PowerShell no autorizados.

Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

High

User Interaction

Active

System

Vulnerable | Subsequent

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-05-15 CVE Reserved
2024-05-23 CVE Published
2024-05-29 Exploited in Wild
2024-06-01 EPSS Updated
2024-06-19 KEV Due Date
2024-08-01 CVE Updated
2024-08-01 First Exploit

CWE

CWE-506: Embedded Malicious Code

CAPEC

CAPEC-122: Privilege Abuse

References (3)

URL	Tag	Source
https://twitter.com/2RunJack2/status/1775052981966377148	Media Coverage

URL	Date	SRC
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack	2024-08-01

URL	Date	SRC

URL	Date	SRC
https://www.javs.com/downloads	2024-05-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Javs Search vendor "Javs"		Javs Viewer Search vendor "Javs" for product "Javs Viewer"				8.3.7.250 Search vendor "Javs" for product "Javs Viewer" and version "8.3.7.250"		-		Affected