vulnerability

Javs Viewer: CVE-2024-4978: Backdoor Discovered in JAVS Viewer

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	May 23, 2024	May 23, 2024	May 24, 2024

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

May 23, 2024

Added

May 23, 2024

Modified

May 24, 2024

Description

Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action. This version contains a backdoored installer that allows attackers to gain full control of affected systems. **Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials.** Users should install the latest version of JAVS Viewer (8.3.8 or higher) **after** re-imaging affected systems. These findings were identified through an investigation performed by Rapid7 analysts.

Solution

javs-viewer-fffmpeg-detected

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today