SB2024052429 - Backdoor in Justice AV Solutions Viewer software

Description

This security bulletin contains information about 1 vulnerability.

1) Embedded malicious code (backdoor) (CVE-ID: CVE-2024-4978)

CWE-ID: CWE-506 - Embedded Malicious Code

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application setup file "Justice AV Solutions Viewer Setup 8.3.7.250-1" downloaded from the official website. A remote attacker to gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

• https://twitter.com/2RunJack2/status/1775052981966377148
• https://github.com/advisories/GHSA-wf54-f8v9-v72v
• https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/