vulnerability
FreeBSD: VID-98F78C7A-A08E-11ED-946E-002B67DFC673 (CVE-2021-42835): Plex Media Server -- security vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Oct 22, 2021 | Jan 31, 2023 | Jan 31, 2023 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Oct 22, 2021
Added
Jan 31, 2023
Modified
Jan 31, 2023
Description
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).
Solution(s)
freebsd-upgrade-package-plexmediaserverfreebsd-upgrade-package-plexmediaserver-plexpass
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.