Attacker Value

Low

(1 user assessed)

Exploitability

High

(1 user assessed)

User Interaction

CVE-2020-5741

Disclosure Date: May 08, 2020 •

CVE-2020-5741 CVSS v3 Base Score: 7.2

Exploited in the Wild

Reported by gwillcox-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Execution

Techniques

Validation

Command and Scripting Interpreter: Python

Validated

Initial Access

Techniques

Validation

Valid Accounts

Validated

Metasploit Module

Plex Unpickle Dict Windows RCE

Description

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Add Assessment

zeroSteiner (328)

November 11, 2020 6:24pm UTC (3 years ago)•Edited 3 years ago

Ratings

Attacker Value

Low

Exploitability

High

Easy to weaponize Vulnerable in default configuration Authenticated Requires elevated access

Technical Analysis

A vulnerability exists within Plex that allows an authenticated attacker to submit data that is deserialized through Python in an unsafe manner. This leads to code execution within the context of the Plex server. Given the nature of Python serialization vulnerabilities, exploitation of this is relatively easy and reliable. Exploitation attempts involve creating a new photo library and setting the LocalAppDataPath which will trigger the deserialization process.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.2 High

Impact Score:

5.9

Exploitability Score:

1.2

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

plex

Products

media server

Metasploit Modules

Plex Unpickle Dict Windows RCE (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/plex_unpickle_dict_rce.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as News Article or Blog (https://www.pcmag.com/news/lastpass-employee-couldve-prevented-hack-with-a-software-update)

Reported: March 07, 2023 8:52pm UTC (1 year ago) • Edited 1 year ago

mkienow-r7 indicated sources as

Vendor Advisory (https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819)
Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: March 10, 2023 7:32pm UTC (1 year ago) • Edited 1 year ago

References

Canonical

CVE-2020-5741 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5741)

Miscellaneous

https://www.tenable.com/security/research/tra-2020-32

http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html

Rapid7

Low

CVE-2020-5741

Low

High

None

High

Network

CVE-2020-5741

Description