Lucene search

AttackerKBAKB:32606EF9-3768-45FD-A572-86B322F7427F

HistoryMay 23, 2024 - 12:00 a.m.

CVE-2024-4978

2024-05-2300:00:00

attackerkb.com

cve-2024-4978

remote exploitation

privileged threat actor

unauthorized commands

authenticode signature

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

8.7 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

7 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.8%

JSON

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4978

twitter.com/2RunJack2/status/1775052981966377148

www.javs.com/downloads/

www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

8.7 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

7 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.8%

JSON

Related for AKB:32606EF9-3768-45FD-A572-86B322F7427F