CVE-2024-4978: CWE-506 Embedded Malicious Code in Justice AV Solutions Viewer
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected Authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands.
AI Analysis
Technical Summary
CVE-2024-4978 identifies a critical vulnerability in Justice AV Solutions Viewer version 8.3.7.250, where the installation package contains an embedded malicious binary signed with an unexpected Authenticode signature, indicating potential tampering or supply chain compromise. This malicious binary enables a remote attacker with privileged access to execute unauthorized PowerShell commands on the affected system. The vulnerability falls under CWE-506, which relates to embedded malicious code, highlighting the risk of hidden or disguised malware within legitimate software components. The attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R), and the scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially compromised component. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), allowing attackers to potentially take full control of the system, exfiltrate sensitive data, or disrupt operations. Although no exploits have been reported in the wild yet, the presence of a malicious binary signed with an unexpected certificate raises concerns about software supply chain security and trustworthiness. This vulnerability is particularly dangerous in environments where Justice AV Solutions Viewer is used for critical justice or law enforcement operations, as unauthorized PowerShell execution can lead to severe operational disruptions or data breaches.
Potential Impact
For European organizations, especially those in the justice, law enforcement, and public safety sectors, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive case files, manipulation or deletion of evidence, and disruption of critical judicial processes. The high impact on confidentiality, integrity, and availability means that attackers could gain persistent control over affected systems, potentially leading to data breaches, ransomware deployment, or sabotage of judicial workflows. The requirement for privileged access and user interaction somewhat limits the attack surface but does not eliminate the risk, particularly in environments where users have elevated privileges or where social engineering could be used to induce interaction. The unexpected Authenticode signature suggests a possible supply chain compromise, which could undermine trust in software updates and distribution channels, further complicating incident response and recovery efforts. The absence of known exploits in the wild provides a window for proactive defense, but the high CVSS score indicates that the vulnerability should be treated with urgency.
Mitigation Recommendations
1. Verify the integrity and authenticity of Justice AV Solutions Viewer installation packages by checking digital signatures against known trusted certificates and sources.
2. Restrict PowerShell execution policies using Group Policy or local security policies to allow only signed scripts, or disable PowerShell where not required.
3. Implement application whitelisting to prevent execution of unauthorized binaries, especially those embedded within software installers.
4. Enforce the principle of least privilege by limiting user accounts with administrative rights and monitoring privileged account activities closely.
5. Conduct thorough endpoint detection and response (EDR) monitoring for unusual PowerShell command execution or other suspicious behaviors associated with this vulnerability.
6. Engage with the vendor for patches or updated software versions and apply them promptly once available.
7. Educate users about the risks of executing software from untrusted sources and the importance of verifying software authenticity.
8. Consider network segmentation to isolate systems running Justice AV Solutions Viewer from critical infrastructure to limit lateral movement in case of compromise.
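Recommendation 1, checking the installer's signature against a known signer rather than merely checking that it is signed, as an added PowerShell example. This is not code from the advisory or from the vendor; the file path, the expected code-signing certificate thumbprint and the vendor-published SHA-256 are placeholders the operator must fill in from values published by the vendor, which this page does not list.

```powershell
# Added example (not from the advisory or the vendor): gate installation of
# the Viewer setup package on its Authenticode signature AND on the identity
# of the signer, then cross-check the file hash the vendor publishes.
# Placeholders (assumptions, not values from the advisory):
#   $ExpectedThumbprints - SHA-1 thumbprint(s) of the vendor's code-signing certificate
#   $PublishedSha256     - SHA-256 the vendor publishes for this installer build
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $ExpectedThumbprints,
        [string] $PublishedSha256
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate            # $null when the file is unsigned
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    $signer     = if ($cert) { $cert.Subject }    else { $null }
    $thumbprint = if ($cert) { $cert.Thumbprint } else { $null }

    $result = [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Signer     = $signer
        Thumbprint = $thumbprint
        Sha256     = $hash
        Trusted    = $false
        Reason     = ''
    }

    # 1. The signature must verify: file unmodified, chain to a trusted root.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "Signature status '$($sig.Status)': $($sig.StatusMessage)"
        return $result
    }

    # 2. A valid signature alone is not enough. The advisory's finding is a
    #    package signed by an UNEXPECTED certificate, which still passes step 1
    #    if that certificate chains to a trusted root. Pin the signer.
    if ($ExpectedThumbprints -notcontains $thumbprint) {
        $result.Reason = "Valid signature, but signer '$signer' is not an expected certificate"
        return $result
    }

    # 3. Optional out-of-band check against the hash the vendor publishes.
    #    (-ne on strings is case-insensitive in PowerShell, so hex case does not matter.)
    if ($PublishedSha256 -and ($hash -ne $PublishedSha256)) {
        $result.Reason = 'Hash does not match the vendor-published SHA-256'
        return $result
    }

    $result.Trusted = $true
    $result.Reason  = 'Signed by an expected certificate'
    return $result
}

# Usage (all three values are placeholders to be replaced from vendor-published data):
$check = Test-InstallerIntegrity -Path 'C:\Staging\<VIEWER-SETUP>.exe' `
    -ExpectedThumbprints @('<VENDOR-CODE-SIGNING-THUMBPRINT>') `
    -PublishedSha256 '<VENDOR-PUBLISHED-SHA256>'
$check | Format-List
if (-not $check.Trusted) { Write-Warning "Do not install: $($check.Reason)" }
```

The distinction between steps 1 and 2 is the whole point for this CVE: `Get-AuthenticodeSignature` reports `Valid` for any signature that chains to a root the machine trusts, so a package re-signed with a different, still-trusted certificate would pass a "is it signed?" check. Pinning the signer thumbprint (and comparing against a hash obtained through a separate channel) is what actually detects the unexpected signer the advisory describes.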
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2024-05-15T21:03:53.551Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f7d9b5247d717aace26bc1
Added to database: 10/21/2025, 7:06:29 PM
Last enriched: 10/21/2025, 7:25:09 PM
Last updated: 10/30/2025, 12:26:29 AM