Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
References
Link | Resource |
---|---|
https://twitter.com/2RunJack2/status/1775052981966377148 | Press/Media Coverage Third Party Advisory |
https://www.javs.com/downloads/ | Vendor Advisory |
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisa-cg
Published: 2024-05-23T01:56:37.946Z
Updated: 2024-06-04T17:55:59.158Z
Reserved: 2024-05-15T21:03:53.551Z
Link: CVE-2024-4978
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-05-23T02:15:09.257
Modified: 2024-05-31T16:03:52.247
Link: CVE-2024-4978
JSON object: View
Redhat Information
No data.
CWE