vulnerability

Javs Viewer: CVE-2024-4978: Backdoor Discovered in JAVS Viewer

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	05/23/2024	05/23/2024	05/24/2024

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

05/23/2024

Added

05/23/2024

Modified

05/24/2024

Description

Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action. This version contains a backdoored installer that allows attackers to gain full control of affected systems. **Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials.** Users should install the latest version of JAVS Viewer (8.3.8 or higher) **after** re-imaging affected systems. These findings were identified through an investigation performed by Rapid7 analysts.

Solution

javs-viewer-fffmpeg-detected

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today