#VU89806 Embedded malicious code (backdoor) in JAVS Viewer


Published: 2024-05-24

Vulnerability identifier: #VU89806

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-4978

CWE-ID: CWE-506

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JAVS Viewer
Client/Desktop applications / Multimedia software

Vendor: Justice AV Solutions

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to the presence of embedded malicious functionality in the application setup file "Justice AV Solutions Viewer Setup 8.3.7.250-1" downloaded from the official website. A remote attacker can gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
Install the latest version from the vendor's website.

Vulnerable software versions

JAVS Viewer: 8.3.7


External links
http://twitter.com/2RunJack2/status/1775052981966377148
http://github.com/advisories/GHSA-wf54-f8v9-v72v
http://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.
