Tenable discovers vulns that allow unlimited OS access from Netflix alt. Plex Media Server

Tenable Research announced that it has discovered three vulnerabilities in Plex Media Server that could allow attackers, via phishing, to gain unlimited access to the operating system and download private media albums.

The Plex application, which has been called an alternative to Netflix and has become increasingly popular during shelter-in-place orders, lets users stream their own media and share personal libraries among friends. If all three vulns are exploited together, the attacker could gain unlimited access to the operating system and access any file, pivot to other machines on the network or install backdoors. At the lowest levels, exploitation could allow an attacker to gain access to any media, including personal videos and pictures, on the victim’s server and then access the underlying operating system.

Plex has released patches and/or mitigations for all vulnerabilities in a rolling process, and Tenable has published plugins to detect vulnerable instances of Plex Media Server. Tenable has also published a research blog post; a breakdown of each vulnerability follows.

  1. CVE-2020-5742 – Plex users can share their own media, but if users are sent a link to access someone else’s media, they can’t always determine if they’re logging into their own server or the attacker’s via a phishing link. If the user does log in via the link, the attacker could make requests to the victim’s server and download files such as a private photo album.
  2. CVE-2020-5741 – After successfully exploiting the previous vulnerability, the attacker could then remotely execute arbitrary code on a Windows machine to gain the same privileges as the media server, and then pivot to other machines on the network or install backdoors.
  3. CVE-2020-5740 – This local privilege escalation flaw allows attackers to elevate their privileges to the highest level, gaining unlimited access to the underlying Windows operating system to access any files.