CISA warns of actively exploited Plex bug after LastPass breach
2023-03-11 16:28

CISA has added an almost three-year-old high-severity remote code execution vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks.

Attackers with "Admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code," according to an advisory published by the Plex Security Team in May 2020 when it patched the bug with the release of Plex Media Server 1.19.3.

While CISA didn't provide any information on the attacks in which CVE-2020-5741 was exploited, this is likely linked to LastPass recently disclosing that a senior DevOps engineer's computer was hacked last year to install a keylogger by abusing a remote code execution bug in third-party media software.

Even though LastPass didn't disclose what software flaw was exploited to hack into the engineer's computer, Ars Technica reported that the software package exploited on the employee's home computer was Plex.

Coincidentally, in August, Plex also notified customers of a data breach and asked them to reset their passwords after LastPass disclosed a second breach of its own.

On Friday, CISA also added a critical severity vulnerability in VMware's Cloud Foundation, exploited in the wild since early December, to its Known Exploited Vulnerabilities catalog.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/

Related Vulnerability

DATE         CVE             VULNERABILITY TITLE                                                   RISK
2020-05-08   CVE-2020-5741   Deserialization of Untrusted Data vulnerability in Plex Media Server  6.5

Description: Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
Attack vector: network; attack complexity: low; vendor: plex; weakness: CWE-502.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Plex 1 0 6 4 0 10