CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog.

The three-year-old high-severity flaw is a deserialization of untrusted data in Plex Media Server on Windows, a remote, authenticated attacker can trigger it to execute arbitrary Python code.

© 版权声明
点赞5 分享
评论 抢沙发