
CVE-2024-4978

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · RCE

Published: 23 May 2024
Modified: 24 October 2025
KEV Added: 29 May 2024
Patch
CVSS v4.0 Score: 8.7 (vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.1249 (94.1st percentile)
Risk Priority: 45 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-4978 is a high-severity Embedded Malicious Code (CWE-506) vulnerability in the Justice AV Solutions (JAVS) Viewer installer. Its CVSS v4.0 base score is 8.7 (High).

Operationally, it ranks in the top 5.9% of CVEs by exploit likelihood (EPSS 94.1st percentile); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

Justice AV Solutions (JAVS) Viewer Setup version 8.3.7.250-1 is affected by embedded malicious code tracked as CVE-2024-4978. The installer binary is signed with an Authenticode signature that is not the vendor's expected one, and it contains a backdoor that enables unauthorized PowerShell command execution once the package is run.

A remote attacker who has already obtained privileged access can use the signed malicious binary to run arbitrary PowerShell commands on the victim system. The CVSS 4.0 vector records high privileges (PR:H), an active user interaction to launch the installer (UI:A) and attack requirements (AT:P); the 8.7 rating reflects high impact on confidentiality, integrity and availability of both the vulnerable system and subsequent systems (VC/VI/VA and SC/SI/SA all rated High). Because the malicious code is embedded in the package itself, the practical prerequisite is simply that a user or administrator runs the trojanized installer. A check that asks only whether the file carries a signature does not catch this case: the signer identity must be compared against the expected publisher.

Public references, including a Rapid7 analysis, describe the issue as an apparent supply-chain compromise in which a trojanized installer was distributed through the vendor's own download site. The associated EPSS score rose from a low baseline to a peak of 0.1415, indicating measurable post-disclosure exploitation interest. Organizations are advised to verify installer signatures and hashes against known-good values obtained from the vendor, and to obtain current builds directly from the vendor.
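The following PowerShell script is an added example illustrating the verification the advisory recommends (and the signed-components and integrity controls CM-14 and SI-7 named above); it is not code from the advisory, from Rapid7, or from the vendor. It checks three things before an installer is run: that the Authenticode signature validates, that the signer is the expected publisher rather than merely any signer, and that the SHA-256 hash matches a known-good value obtained out-of-band. The expected-subject pattern and the known-good hash are placeholders that must be replaced with values confirmed with the vendor; they are not published values.

```powershell
<#
  Added example (not from the advisory or the vendor): pre-execution checks
  for a downloaded installer such as JAVS Viewer Setup.

  ASSUMPTIONS (placeholders): $ExpectedSubjectPattern and $KnownGoodSha256
  below are hypothetical and must be replaced with values obtained directly
  from the vendor, not read from the same download page as the installer.
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallerPath,

    # Hypothetical expected Authenticode signer subject; confirm with the vendor.
    [string]$ExpectedSubjectPattern = 'CN=Justice AV Solutions',

    # Hypothetical known-good SHA-256; obtain out-of-band from the vendor.
    [string]$KnownGoodSha256 = '0000000000000000000000000000000000000000000000000000000000000000'
)

$ErrorActionPreference = 'Stop'
$failures = @()

# 1. The signature must be present, untampered and chained to a trusted root.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
if ($sig.Status -ne 'Valid') {
    $failures += "Signature status is '$($sig.Status)', expected 'Valid'"
}

# 2. A valid signature is not sufficient: the backdoored installer in this
#    CVE was signed, just not by the expected publisher. Pin the signer.
$subject = $sig.SignerCertificate.Subject
if (-not $subject -or $subject -notlike "*$ExpectedSubjectPattern*") {
    $failures += "Unexpected signer subject: '$subject'"
}

# 3. Independently of the signature, compare the file hash to a known-good
#    value obtained through a separate channel (SI-7 style integrity check).
$hash = (Get-FileHash -Path $InstallerPath -Algorithm SHA256).Hash
if ($hash -ne $KnownGoodSha256.ToUpperInvariant()) {
    $failures += "SHA-256 $hash does not match the known-good value"
}

# 4. Report the evidence and refuse to proceed on any failure.
[PSCustomObject]@{
    File      = $InstallerPath
    SigStatus = $sig.Status
    Signer    = $subject
    Sha256    = $hash
    Verdict   = if ($failures.Count -eq 0) { 'OK' } else { 'REJECT' }
    Reasons   = $failures -join '; '
} | Format-List

if ($failures.Count -gt 0) { exit 1 }
```

Run it as `.\Verify-Installer.ps1 -InstallerPath .\JAVS.Viewer8.Setup_8.3.7.250-1.exe` (the file name is illustrative) after substituting the two placeholder values. The script exits non-zero on any mismatch, so it can gate an unattended deployment step; the important design point is step 2, since step 1 alone would have passed the trojanized package.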

Vulnerability details

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected Authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands.

CWE(s): CWE-506 (Embedded Malicious Code)
KEV Date Added: 29 May 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: JAVS (Justice AV Solutions)
Product: JAVS Viewer
Version: 8.3.7.250

Mitigating Controls (NIST 800-53 r5)

CM-14 Signed Components (prevent): Directly requires cryptographic signature verification of software components, which would have rejected the unexpected Authenticode signature on the malicious JAVS installer. This only holds if verification pins the expected signer; a policy that accepts any validly signed binary would not have blocked this package.

SI-7 Software, Firmware, and Information Integrity (prevent, detect): Mandates integrity verification of software and firmware, enabling detection of the embedded malicious binary (CWE-506) before execution, for example by comparing installer hashes against known-good values obtained out-of-band from the vendor.

Component authenticity and provenance (prevent): Requires validation of component authenticity and provenance, mitigating supply-chain delivery of the backdoored installer from the vendor site.
