#VU89806 Embedded malicious code (backdoor) in JAVS Viewer - CVE-2024-4978


Vulnerability identifier: #VU89806

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-4978

CWE-ID: CWE-506

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JAVS Viewer
Client/Desktop applications / Multimedia software

Vendor: Justice AV Solutions

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to the presence of embedded malicious functionality in the application setup file "Justice AV Solutions Viewer Setup 8.3.7.250-1" downloaded from the official website. A remote attacker can gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
Install the latest version from the vendor's website.

Vulnerable software versions

JAVS Viewer: 8.3.7


External links
https://twitter.com/2RunJack2/status/1775052981966377148
https://github.com/advisories/GHSA-wf54-f8v9-v72v
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

