Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
Attack Vector (AV) | Network | Adjacent | Local | Physical |
---|---|---|---|---|
Attack Complexity (AC) | LOW | High | ||
Privileges Required (PR) | None | Low | High | |
User Interaction (UI) | None | Required | ||
Scope (S) | Unchange | Change | ||
Confidentiality (C) | None | Low | High | |
Integrity (I) | None | Low | High | |
Availability (A) | None | Low | High |
Attack Vector (AV) | Network | Adjacent | Local |
---|---|---|---|
Access Complexity (AC) | Low | Medium | High |
Authentication (Au) | None | Single | Multiple |
Confidentiality (C) | None | Parical | Complete |
Integrity (I) | None | Partial | Complete |
Availability (A) | None | Partial | Complete |
CVE Infomation | Exploits or more Infomation |
---|---|
mitre | EXPLOIT DATABASE |
NVD | 0day.today |
vulmon.com | github |
CVE Details | |
JVN ENG JPN | |
Reconshell |
Software Tag:
List of frequently cited URLs
URL | Num of Times Referred to |
---|---|
https://cvetrends.com | 48 |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog | 9 |
https://go.dhs.gov/Z3Q | 6 |
https://twitter.com/CISACyber/status/1634227134930595840 | 3 |
List of frequently cited URLs
URL | Num of Times Referred to |
---|---|
cvetrends.com | 48 |
www.cisa.gov | 9 |
go.dhs.gov | 6 |
twitter.com | 3 |
Name | URL |
---|---|
No Data |
Name | URL |
---|---|
No Data |