September 30, 2023

Tje U.S. CISA has added a remote code execution (RCE) vulnerability in the Plex Media Server to its Known Exploited Vulnerabilities Catalog.

The three-year-old high-severity flaw , tracked as CVE-2020-5741 with a CVSS score: 7.2 is a deserialization of untrusted data in Plex Media Server on Windows, a remote, authenticated attacker that can trigger it to execute arbitrary Python code.

Advertisements

This allows an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled.

The company addressed the vulnerability with the release of Plex Media Server 1.19.3 in May 2020.

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers.

CISA orders federal agencies to fix this flaw by March 31, 2023.

Tags:

Leave a Reply

You may have missed

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023
%d bloggers like this: