CVE-2020-5741 — Plex Media Server Remote Code Execution Vulnerability
2023-03-10 • CISA Known Exploited Vulnerability
[event] Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Plex |
| Product | Media Server |
| CWE | CWE-502 |
| CVE ID | CVE-2020-5741 |
| Date Added | 2023-03-10 |
| Due Date | 2023-03-31 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2023-03-31