CVE-2020-5741: Plex Media Server Remote Code Execution Vulnerability
First published: Fri May 08 2020(Updated: )
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
Credit: vulnreport@tenable.com vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Plex Media Server | <1.19.3 | |
| Microsoft Windows | ||
| Plex Media Server | ||
| All of | ||
| Plex Media Server | <1.19.3 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5741?
CVE-2020-5741 is a remote code execution vulnerability in Plex Media Server.
How does CVE-2020-5741 work?
CVE-2020-5741 allows an attacker with administrative access to the Plex server to upload a malicious file through the Camera Upload feature, which can then be executed by the media server.
What is the affected software?
The affected software is Plex Media Server.
Can this vulnerability be exploited remotely?
No, this vulnerability can only be exploited by an attacker with access to the server administrator's Plex account.
How can I protect myself from CVE-2020-5741?
To protect yourself, ensure that your Plex server is always running the latest version and regularly update it when new releases or security patches are available.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/plex
- canonical/plex media server
- vendor/microsoft
- canonical/microsoft windows