Recent Plex Vulnerability Allows Full System Takeover
Plex Media Server was recently found to have vulnerabilities that allowed hackers to do a full system takeover.
The three vulnerabilities are CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742, which were detected by Tenable security researcher Chris Lyne and reported to Plex on May 31st.
If hackers are able to exploit these vulnerabilities, they could execute code to gain access to all files, create backdoors, and even move to other devices on the network.
Update to the latest version
To make sure that you are not vulnerable, log into your Plex server and update right away.
“We have rolled out a change in our update distribution servers. This change will protect Plex Media Server version 1.18.2 or newer,” the Plex Security Team said. “Plex Media Server installations older than 1.18.2 will still be exploitable and we highly encourage users on older releases to upgrade.”
“Additionally, Plex Media Server versions 1.19.1.2701 & 1.19.2.2702 (and newer) features additional hardening in the updater infrastructure to protect against future vulnerabilities. We recommended for all users to update to one of these releases.”
Plex also resolved the CVE-2020-5742 vulnerability by enabling automatic alerts on authentication pages to notify Plex users when they are logging into a media server that’s not hosted by Plex.
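The version thresholds in the Plex statement above can be turned into a quick inventory check. This is an added example, not code from Plex or from the original post; the hostnames, the build-hash suffixes, the 1.18.x build numbers and the helper names (`classify`, `triage`) are constructed for illustration.

```python
import re

# Thresholds taken from the Plex Security Team statement quoted above.
MIN_PROTECTED = (1, 18, 2)       # older than this: "will still be exploitable"
MIN_HARDENED = (1, 19, 1, 2701)  # this and newer: additional updater hardening

# Plex reports versions as "1.19.2.2702-<build hash>"; the suffix is optional here.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){2,3})(?:-[0-9A-Za-z]+)?$")


def parse_version(text):
    """Return the numeric part of a version string as a tuple of ints, or None."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(text):
    """Place one version string into the tiers described in the statement."""
    version = parse_version(text)
    if version is None:
        return "unknown"      # unparseable: check the server by hand
    if version < MIN_PROTECTED:
        return "exploitable"  # upgrade first
    if version < MIN_HARDENED:
        return "protected"    # covered by the distribution-server change only
    return "hardened"


def triage(inventory):
    """Return (host, version, status) rows, most urgent hosts first."""
    order = {"exploitable": 0, "unknown": 1, "protected": 2, "hardened": 3}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed sample inventory (hostnames and build hashes are made up).
SAMPLE = {
    "media-01": "1.19.2.2702-0a1b2c3d4",
    "media-02": "1.18.1.1973-0f0f0f0f0",
    "media-03": "1.18.2.2058-e1e2e3e4e",
    "media-04": "1.19.1.2701-abcdef012",
    "media-05": "version string missing",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{status:12} {host:10} {ver}")
```

Hosts reported as `protected` still benefit from moving to one of the hardened releases, as the statement recommends.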