Patrick Domingues

Recently it was found that Plex had a vulnerability that allowed hackers to do a full system takeover. 

The three vulnerabilities that were found are CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742 which was detected by Tenable security researcher Chris Lyne and reported to Plex on May 31st.

If hackers are able to exploit this vulnerability they could execute code to gain access to all files, create backdoors and even move to other devices on the network.

Update to the latest version

Make sure that you are not vulnerable, log into your plex server and update right away.

“We have rolled out a change in our update distribution servers. This change will protect Plex Media Server version 1.18.2 or newer,” the Plex Security Team said. “Plex Media Server installations older than 1.18.2 will still be exploitable and we highly encourage users on older releases to upgrade.”

“Additionally, Plex Media Server versions 1.19.1.2701 & 1.19.2.2702 (and newer) features additional hardening in the updater infrastructure to protect against future vulnerabilities. We recommended for all users to update to one of these releases.”

Plex also resolved the CVE-2020-5742 vulnerability by enabling automatic alerts on authentication pages to notify Plex users when they are logging into a media server that’s not hosted by Plex.

• Tackling Shadow IT: The Unseen Network Security Risk
• How to Spot and Report Cybercrime Effectively
• IT Management Strategies For Startups
• 3 Common Mistakes in IT Operations You Can’t Afford to Make
• How Generative AI Impacts Email Security