CISA Alerts: May 29, 2024 – Justice AV Solutions (JAVS) Viewer

CISA Alert Highlights for May 29, 2024 - Justice AV Solutions (JAVS) Viewer

How are Vulnerabilities Rated?

This vulnerability report focuses on Justice AV Solutions (JAVS) Viewer v8.3.7. The vulnerability is reported in conjunction with the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). Users of JAVS Viewer are at high risk and should take immediate action.

Vulnerabilities are named according to the Common Vulnerabilities and Exposures (CVE) naming standard and are organized by severity, as determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

The Justice AV Solutions Viewer Setup v8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected Authenticode signature.

Vendor/Product:

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

Description: 

Justice AV Solutions (JAVS) is a U.S.-based company that specializes in digital audio-visual recording solutions tailored for courtroom settings. JAVS technologies are deployed in a range of legal environments, including courtrooms, chambers, and jury rooms, as well as in jails and prisons, hearing rooms, lecture halls, meeting spaces, and government agencies, with more than 10,000 installations of this technology worldwide.

The Justice AV Solutions Viewer Setup version 8.3.7.250-1 is compromised: it contains a malicious binary when executed and bears an unexpected Authenticode signature. This vulnerability could be exploited by a remote, privileged threat actor to execute unauthorized PowerShell commands.
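Because the compromised installer was signed, only with an unexpected Authenticode signature, a signature that merely validates is not enough: the signer has to be the publisher you expect. The PowerShell below is an added example (not from CISA, JAVS, or the original page) that inventories installers in a folder and flags unsigned, invalid, or unexpectedly signed files. The folder, the file filter, and the `<EXPECTED-PUBLISHER-CN>` placeholder are assumptions to replace with values from the vendor's guidance.

```powershell
# Added example: audit installer Authenticode signers (not vendor or CISA code).
param(
    [string]$Path = "$env:USERPROFILE\Downloads",           # assumed folder to audit
    [string]$Filter = '*.exe',                              # assumed file filter
    [string]$ExpectedPublisher = '<EXPECTED-PUBLISHER-CN>'  # placeholder: take from vendor guidance
)

function Test-InstallerSignature {
    param([string]$File, [string]$ExpectedPublisher)

    $sig    = Get-AuthenticodeSignature -FilePath $File
    $cert   = $sig.SignerCertificate
    # SimpleName resolves to the certificate's common name (CN) without quoting issues.
    $signer = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { '' }

    # A signature that validates is not sufficient: the signer must also be the expected one.
    if ($sig.Status -eq 'NotSigned') {
        $verdict = 'UNSIGNED'
    } elseif ($sig.Status -ne 'Valid') {
        $verdict = "INVALID_SIGNATURE ($($sig.Status))"
    } elseif ($signer -ne $ExpectedPublisher) {
        $verdict = 'UNEXPECTED_SIGNER'
    } else {
        $verdict = 'OK'
    }

    # Record thumbprint and hash so flagged files can be tracked during incident response.
    [pscustomobject]@{
        File       = $File
        Verdict    = $verdict
        Signer     = $signer
        Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
        SHA256     = (Get-FileHash -Path $File -Algorithm SHA256).Hash
    }
}

$results = Get-ChildItem -Path $Path -Filter $Filter -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-InstallerSignature -File $_.FullName -ExpectedPublisher $ExpectedPublisher }

$results | Format-List
# Exit non-zero when anything needs review, so the script can gate a deployment job.
if ($results | Where-Object { $_.Verdict -ne 'OK' }) { exit 1 }
```

With the placeholder left unchanged, every signed file is reported as `UNEXPECTED_SIGNER`, so the check fails closed until a real publisher name is supplied.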

Impact:

Users of JAVS Viewer version 8.3.7.250-1 are at significant risk and must act promptly. The installer for this version has been compromised, granting attackers complete access to the systems. It is imperative to re-image all compromised endpoints and reset all related credentials to guarantee that attackers have not maintained access through backdoors or by using stolen credentials.

Published Date: 05/29/2024

Source: CVE-2024-4978

Max Severity: Important

CVSS Score: 8.7

Mitigation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. See JAVS AV Software Downloads.

If you suspect you may have a vulnerability that you need help to mitigate, the cybersecurity team Spry Squared is standing by.