Main Vulnerability Database Vulnerabilities #VU72903

Deserialization of Untrusted Data in Plex Media Server - CVE-2020-5741

Published: March 7, 2023 / Updated: March 10, 2023

Vulnerability identifier: #VU72903

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2020-5741

CWE-ID: CWE-502

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Plex

Affected software:
Plex Media Server

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote privileged user can send specially crafted HTTP request to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2020-5741

Install updates from vendor's website.

Deserialization of Untrusted Data in Plex Media Server - CVE-2020-5741

Detailed vulnerability description

How to mitigate CVE-2020-5741

Sources

Please verify you're human