CVE-2024-4978

Опубликовано: 23 мая 2024

Источник: nvd

CVSS3: 8.4

EPSS Средний

Описание

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

Ссылки

https://twitter.com/2RunJack2/status/1775052981966377148
Third Party Advisory
https://www.javs.com/downloads/
Broken Link
Product
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
Exploit
Third Party Advisory
https://twitter.com/2RunJack2/status/1775052981966377148
Third Party Advisory
https://www.javs.com/downloads/
Broken Link
Product
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
Exploit
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4978
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:javs:javs_viewer:8.3.7.250:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14148

Средний

8.4 High

CVSS3

Дефекты

CWE-506

NVD-CWE-Other

Связанные уязвимости

GHSA-wf54-f8v9-v72v