CVE-2024-4978: High Vulnerability in Justice AV Solutions Viewer

A high-severity vulnerability in Justice AV Solutions Viewer allows privileged remote attackers to execute unauthorized PowerShell commands. Organizations should address this vulnerability promptly to mitigate risks.

HIGH · Known Exploited · CVSS 8.7 · Published May 23, 2024

CVE-2024-4978 is a high-severity vulnerability affecting Justice AV Solutions Viewer version 8.3.7.250-1. It allows a remote, privileged threat actor to execute unauthorized PowerShell commands. The malicious binary, which is signed with an unexpected Authenticode signature, poses a significant risk to organizations because it could enable unauthorized access to and control over systems.

The CVSS score for this vulnerability is 8.7, indicating a high severity level. The attack vector is network-based, with low attack complexity and high privileges required for exploitation. The attacker needs to interact with the system actively, and the potential impact on confidentiality, integrity, and availability is substantial, making this vulnerability a critical concern for any organization using the affected software.

Given the potential for exploitation, organizations must prioritize patching immediately. The urgency for remediation is underscored by its inclusion in the Known Exploited Vulnerabilities (KEV) catalog, indicating that malicious actors may actively target this vulnerability.

Organizations utilizing Justice AV Solutions Viewer should assess their exposure to this vulnerability and take appropriate actions to secure their environments.

Vulnerability Details

The Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary upon execution. This vulnerability is classified under CWE-506, which indicates a breach of code signing practices. The vulnerability was published on May 23, 2024, and has been officially analyzed, confirming its risk to users.

Organizations using the affected product should be aware of the vulnerability type as it may lead to unauthorized command execution, significantly impacting system security.

Technical Analysis

The root cause of CVE-2024-4978 is the presence of a malicious binary within the software setup. The attack vector is network-based with low attack complexity; the attacker needs high privileges and user interaction to exploit the vulnerability. The potential impact on confidentiality, integrity, and availability is high, allowing attackers to execute arbitrary PowerShell commands.

Risk & Impact Analysis

Risk to organizations includes unauthorized access and control over systems, which could lead to data breaches and significant operational disruptions. The urgency for organizations to address this vulnerability is heightened by its classification as high severity, with a CVSS score of 8.7. Organizations should consider the potential blast radius and prioritize remediation based on their operational context.

Exploitation Status

| Signal | Status |
| --- | --- |
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | Yes |
| Ransomware Use | No |

Affected Versions

The affected versions of the Justice AV Solutions Viewer include version 8.3.7.250. Organizations should ensure that they are not using this version to mitigate risks associated with this vulnerability. If version information is missing, it is advisable to assume all versions prior to any vendor patch are affected.

Mitigation & Remediation

To mitigate and remediate this vulnerability, organizations should apply the vendor's instructions or discontinue use of the product if mitigations are unavailable. For detailed remediation guidance, organizations may refer to the vendor's instructions as outlined in the public statements available at this link.

Detection Guidance

Organizations should monitor logs for indicators of compromise associated with the unauthorized execution of PowerShell commands. Behavioral anomalies in system operations, network signatures indicative of backdoor connections, and system changes should be closely monitored to detect any exploitation attempts.
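One way to turn this guidance into a concrete check is shown below as an added example, not code from the vendor or from this advisory: it scans process-creation records for an installer signed by an unexpected publisher and for PowerShell launched anywhere beneath that installer. The expected publisher placeholder, the filename fragment, the `Signer` enrichment field and the sample events are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumptions (not from the advisory): the expected publisher string, the
# installer filename fragment, and a "Signer" field added by EDR enrichment.
EXPECTED_SIGNERS = {"<EXPECTED-VENDOR-PUBLISHER>"}
INSTALLER_HINT = "viewer setup"
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed sample: Sysmon-style process-creation records (Event ID 1 fields).
SAMPLE_EVENTS = [
    {"ProcessGuid": "A", "ParentProcessGuid": None,
     "Image": r"C:\Windows\explorer.exe", "Signer": "Microsoft Windows"},
    {"ProcessGuid": "B", "ParentProcessGuid": "A",
     "Image": r"C:\Users\clerk\Downloads\Viewer Setup 8.3.7.250-1.exe",
     "Signer": "Constructed Unknown Publisher Ltd"},
    {"ProcessGuid": "C", "ParentProcessGuid": "B",
     "Image": r"C:\Windows\System32\cmd.exe", "Signer": "Microsoft Windows"},
    {"ProcessGuid": "D", "ParentProcessGuid": "C",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Signer": "Microsoft Windows"},
    {"ProcessGuid": "E", "ParentProcessGuid": "A",  # interactive admin shell
     "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "Signer": "Microsoft Corporation"},
]

def _name(image):
    """Lower-cased file name of a Windows path, on any host OS."""
    return PureWindowsPath(image).name.lower()

def triage(events, expected=EXPECTED_SIGNERS, hint=INSTALLER_HINT):
    """Return (finding, ProcessGuid) pairs for the two signals in the advisory."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    findings = []
    for e in events:
        # Signal 1: an installer for this product signed by an unexpected publisher.
        if hint in _name(e["Image"]) and e.get("Signer") not in expected:
            findings.append(("unexpected_signer", e["ProcessGuid"]))
        # Signal 2: PowerShell with the installer anywhere in its ancestry.
        if _name(e["Image"]) in POWERSHELL:
            seen, parent = set(), by_guid.get(e["ParentProcessGuid"])
            while parent and parent["ProcessGuid"] not in seen:
                if hint in _name(parent["Image"]):
                    findings.append(("powershell_from_installer", e["ProcessGuid"]))
                    break
                seen.add(parent["ProcessGuid"])
                parent = by_guid.get(parent["ParentProcessGuid"])
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Walking the full ancestry rather than only the direct parent catches PowerShell started through an intermediate process such as `cmd.exe`, while the interactive shell launched from `explorer.exe` is left alone.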

AppSecure Threat Intelligence Insight

The significance of this vulnerability lies in its exploitation potential and the implications for organizations using Justice AV Solutions Viewer. This incident highlights the increasing trend of supply chain attacks, where malicious binaries are embedded in legitimate software. Security teams should learn from this incident and implement stronger vetting and monitoring of third-party software. Organizations are encouraged to follow best practices in vulnerability management to mitigate risks associated with third-party software.

Additionally, ongoing penetration testing and regular security assessments can further enhance the security posture of organizations against such vulnerabilities.

Organizations should also consider the importance of continuous security testing as a proactive measure to identify similar weaknesses before they can be exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
