CISA Warns of Plex Vulnerability Linked to LastPass Hack

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently added two vulnerabilities that affect Plex and VMware products to its Known Exploited Vulnerabilities (KEV) catalog.

CVE-2020-5741 is a high-severity flaw in Plex Media Server, described as a deserialization issue that can be exploited to remotely execute arbitrary Python code. Successful exploitation requires the attacker to have admin access to a Plex Media Server, and the flaw was addressed with the release of Plex Media Server 1.19.3. However, the August 2022 data breach disclosed by Plex opened the door for the exploitation of unpatched Plex Media Server instances still impacted by CVE-2020-5741.

The second vulnerability, CVE-2021-39144, is a remote code execution issue in XStream, recently seen being exploited in malicious attacks targeting VMware products, such as VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).

Under Binding Operational Directive (BOD) 22-01, federal agencies are required to address these vulnerabilities by March 31. However, all organizations are encouraged to review the catalog and apply patches where necessary.

Key Points:

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Plex and VMware products to its Known Exploited Vulnerabilities (KEV) catalog.
  • CVE-2020-5741 is a high-severity flaw in Plex Media Server that can be exploited to remotely execute arbitrary Python code.
  • CVE-2021-39144 is a remote code execution issue in XStream, recently seen being exploited in malicious attacks targeting VMware products.
  • Federal agencies are required to address these vulnerabilities by March 31; however, all organizations are encouraged to review the catalog and apply patches where necessary.
