CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 31, 2023

CVE-2020-5741

High

EPSS 38.4%CISA KEV

Plex/Media Server

Description

Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

EPSS — Exploit Probability

38.4%

Higher than 97.2% of all CVEs

Required Action

https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 38.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Mar 10, 2023

Added to KEV

Mar 10, 2023

Remediation Due

Mar 31, 2023

Affected Product

Plex

Media Server

View all Plex CVEs

External Links

NVD (NIST)CVE Details MITRE CVE