Cisa-cgCVELIST:CVE-2024-4978CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.7 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
8.4 High
AI Score
Confidence
High
0.028 Low
EPSS
Percentile
90.8%
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Viewer",
"vendor": "Justice AV Solutions",
"versions": [
{
"status": "affected",
"version": "8.3.7.250"
}
]
}
]Related
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.7 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
8.4 High
AI Score
Confidence
High
0.028 Low
EPSS
Percentile
90.8%