March 28, 2023

Tje U.S. CISA has added a remote code execution (RCE) vulnerability in the Plex Media Server to its Known Exploited Vulnerabilities Catalog.

The three-year-old high-severity flaw , tracked as CVE-2020-5741 with a CVSS score: 7.2 is a deserialization of untrusted data in Plex Media Server on Windows, a remote, authenticated attacker that can trigger it to execute arbitrary Python code.

Advertisements

This allows an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled.

The company addressed the vulnerability with the release of Plex Media Server 1.19.3 in May 2020.

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers.

CISA orders federal agencies to fix this flaw by March 31, 2023.

Tags:

Leave a Reply

You may have missed

Apple Backports ZeroDay Patches for older devices

Apple Backports ZeroDay Patches for older devices

March 28, 2023
Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
%d bloggers like this: