
CISA Warns of Plex Vulnerability Linked to LastPass Hack

March 13, 2023

Tracked as CVE-2020-5741, the first is a high-severity deserialization flaw in Plex Media Server that can be exploited remotely to execute arbitrary Python code.

“This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it,” Plex noted in a May 2020 advisory.

Addressed with the release of Plex Media Server 1.19.3, the vulnerability requires the attacker to have admin access to a Plex Media Server for successful exploitation, which made it unlikely to be targeted in attacks.

Read More on Security Week