CVE-2024-4978
Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability
CVSS
—
Sin CVSS
EPSS
26.9%
p98
KEV
SÍ
29 may 2024
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Justice AV Solutions / Viewer
Vulnerabilidad
Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability
Añadido a KEV
29 may 2024
Remediar antes de
19 jun 2024
Uso conocido en ransomware
No
Descripción resumida
Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
Please follow the vendor’s instructions as outlined in the public statements at https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack#remediation and https://www.javs.com/downloads; https://nvd.nist.gov/vuln/detail/CVE-2024-4978
Sin CVEs relacionados por CWE o producto.