April 19, 2024

The U.S. CISA has added a remote code execution (RCE) vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog.

The three-year-old high-severity flaw, tracked as CVE-2020-5741 with a CVSS score of 7.2, is a deserialization of untrusted data issue in Plex Media Server on Windows that a remote, authenticated attacker can trigger to execute arbitrary Python code.

This allows an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled.
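The precondition described above, a Camera Upload library whose content location overlaps the server data directory, can be audited on a host. The following is an added example, not code from Plex or from the original article: the function names, the dictionary layout and the sample paths are all constructed for illustration, and the paths are supplied by hand rather than read from any Plex API.

```python
import ntpath  # Windows path semantics, whatever OS runs this check

def _norm(path):
    # Case-fold, unify separators, collapse "." / ".." and drop trailing slashes.
    return ntpath.normcase(ntpath.normpath(path))

def _contains(parent, child):
    """True if child is the same directory as parent or lies beneath it."""
    p, c = _norm(parent), _norm(child)
    try:
        # Component-wise comparison, so "X Backup" is not treated as inside "X".
        return ntpath.commonpath([p, c]) == p
    except ValueError:
        # Different drives, or a mix of absolute and relative paths.
        return False

def overlapping_libraries(data_dir, libraries):
    """Return names of Camera Upload libraries whose location overlaps data_dir.

    An overlap in either direction counts: the library sits inside the data
    directory, or the data directory sits inside the library location.
    """
    flagged = []
    for lib in libraries:
        if not lib["camera_upload"]:
            continue
        for loc in lib["locations"]:
            if _contains(data_dir, loc) or _contains(loc, data_dir):
                flagged.append(lib["name"])
                break
    return flagged

# Constructed sample configuration (hypothetical paths and library names).
SAMPLE_DATA_DIR = r"C:\Users\admin\AppData\Local\Plex Media Server"
SAMPLE_LIBRARIES = [
    {"name": "Phone Photos", "camera_upload": True,
     "locations": ["c:/users/ADMIN/AppData/Local/Plex Media Server/Uploads/"]},
    {"name": "Movies", "camera_upload": True, "locations": [r"D:\Media\Movies"]},
    {"name": "Whole Drive", "camera_upload": True, "locations": ["C:\\"]},
    {"name": "Archive", "camera_upload": False, "locations": [SAMPLE_DATA_DIR]},
    {"name": "Lookalike", "camera_upload": True,
     "locations": [r"C:\Users\admin\AppData\Local\Plex Media Server Backup"]},
]

if __name__ == "__main__":
    for name in overlapping_libraries(SAMPLE_DATA_DIR, SAMPLE_LIBRARIES):
        print("overlap with server data directory:", name)
```
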

The company addressed the vulnerability with the release of Plex Media Server 1.19.3 in May 2020.

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers.

CISA orders federal agencies to fix this flaw by March 31, 2023.
