Main Vulnerability Database Vulnerabilities #VU76599

Missing Authorization in Emby Server - #VU76599

Published: May 29, 2023

Vulnerability identifier: #VU76599

CSH Severity: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Emby Server

Software vendor:
MediaBrowser

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure default configuration. A remote non-authenticated attacker can send a specially crafted request to the server and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://emby.media/support/articles/advisory-23-05.html

Missing Authorization in Emby Server - #VU76599

Description

Remediation

External links

Please verify you're human