External risk intelligence

Justice AV Solutions Viewer Compromised by Malicious Binary

CVE advisory | Known Exploit

CVE-2024-4978

A malicious binary within the Justice AV Solutions Viewer installer allows unauthorized remote attackers to execute PowerShell commands. This poses a business risk to organizations using the software by potentially compromising systems and data.

1 Halo Surface Signal

Javs Viewer

8.3.7.250

External exposure likelihood

Halo Surface Signal score for CVE-2024-4978

This vulnerability resides within a software installation package for a viewer application. The risk is associated with the execution of a local binary during the setup or update process. It is not an internet-facing service, web application, or edge gateway, and typical deployment occurs within controlled environments where users manually execute installer files.

Horizon Alert

Summary of the vulnerability and why it matters

The Justice AV Solutions Viewer installation package contains a compromised binary. When executed, this compromised component allows unauthorized remote attackers to run PowerShell commands. This could lead to significant business risk through the execution of malicious scripts.

  • Vulnerable: Justice AV Solutions Viewer installer
  • Flaw: Malicious binary included
  • Impact: Unauthorized command execution

Attack Path

How an attacker could exploit the issue

This vulnerability involves a malicious binary included in the Justice AV Solutions Viewer Setup. A remote, privileged attacker can exploit this to run unauthorized PowerShell commands. This could lead to compromised systems and data, posing a significant business risk.

  • Exposure requires privileged access.
  • Attacker uses a malicious binary.
  • Trigger results in unauthorized commands.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability involves a malicious binary embedded within the Justice AV Solutions Viewer setup. A threat actor with privileged access could leverage this to execute unauthorized PowerShell commands. The potential impact includes unauthorized system control and data exfiltration.

  • High attacker skill level likely
  • Privileged access required
  • High business risk or urgency

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A security vulnerability has been identified in Justice AV Solutions Viewer which, when exploited, could allow a threat actor to execute unauthorized PowerShell commands remotely. This impacts organizations using the affected software, potentially compromising system integrity and data confidentiality. The vulnerability is associated with a malicious binary embedded within the installer and signed with an unexpected Authenticode signature.

  • Identify exposed installations of the Justice AV Solutions Viewer.
  • Reduce exposure by isolating affected systems or discontinuing product use.
  • Apply vendor-provided fixes and validate successful implementation.
  • Monitor for related security incidents.
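
The point above about the unexpected Authenticode signature can be turned into a check during the identification step. The following PowerShell is an added example, not code from the vendor or from this advisory; the search root, the file-name pattern and the expected-signer placeholder are assumptions to be replaced with values taken from a known-good vendor package.

```powershell
# Added example: flag installer binaries whose Authenticode signer is not the expected one.
# A "Valid" status alone is not sufficient here, because the malicious binary was signed;
# the signer identity has to match what the vendor is known to use.
param(
    [string]$SearchRoot     = "$env:USERPROFILE\Downloads",   # assumption: where installers are kept
    [string]$NamePattern    = '*JAVS*.exe',                   # assumption: installer file naming
    [string]$ExpectedSigner = '<EXPECTED-SIGNER-SUBJECT>'     # placeholder: not listed on this page
)

function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedSigner)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate          # $null when the file is unsigned

    # Classify: unsigned, broken/untrusted signature, valid but wrong signer, or expected.
    $verdict = if ($sig.Status -eq 'NotSigned') { 'UNSIGNED' }
               elseif ($sig.Status -ne 'Valid') { 'INVALID_SIGNATURE' }
               elseif (-not $cert.Subject.Contains($ExpectedSigner)) { 'UNEXPECTED_SIGNER' }
               else { 'OK' }

    [pscustomobject]@{
        Path       = $Path
        Verdict    = $verdict
        Status     = $sig.Status
        Signer     = $cert.Subject
        Thumbprint = $cert.Thumbprint
        SHA256     = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# Sweep the search root and report every candidate installer with its verdict.
Get-ChildItem -Path $SearchRoot -Filter $NamePattern -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Test-InstallerSignature -Path $_.FullName -ExpectedSigner $ExpectedSigner } |
    Sort-Object Verdict |
    Format-List Path, Verdict, Status, Signer, Thumbprint, SHA256
```

With the placeholder left in place every signed file reports `UNEXPECTED_SIGNER`, so the check fails closed until a real signer subject is supplied.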

Frequently asked questions

What is Justice AV Solutions Viewer and its role in security incidents?

Justice AV Solutions Viewer is a software application that, when installed via a compromised package, can lead to security vulnerabilities. The installer itself contained a malicious binary, allowing unauthorized remote attackers to execute PowerShell commands.

What type of weakness does CVE-2024-4978 describe?

CVE-2024-4978 describes a supply chain attack weakness. The vulnerability stems from a malicious binary embedded within the Justice AV Solutions Viewer installer, rather than a flaw in the legitimate software's code.

How can CVE-2024-4978 be triggered and what is its scope?

The vulnerability is triggered when the compromised Justice AV Solutions Viewer installer is executed by a privileged user. The scope of impact involves the potential for unauthorized remote execution of PowerShell commands, which could lead to broader system compromise.

What is the significance of CVE-2024-4978 for organizations?

This vulnerability is significant because it represents a supply chain attack where trusted software distribution channels are compromised. The Halo Surface Signal indicates this is 'Very unlikely' to be an internet-facing issue, with risk tied to manual execution of installer files in controlled environments.

What steps should be taken to address this vulnerability?

Organizations should identify any installations of the affected Justice AV Solutions Viewer. Mitigation involves isolating affected systems or discontinuing product use if vendor fixes are unavailable. Applying vendor-provided patches and monitoring for related incidents are crucial.
