Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
| Attack Vector (AV) | Network | Adjacent | Local | Physical |
|---|---|---|---|---|
| Attack Complexity (AC) | LOW | High | ||
| Privileges Required (PR) | None | Low | High | |
| User Interaction (UI) | None | Required | ||
| Scope (S) | Unchange | Change | ||
| Confidentiality (C) | None | Low | High | |
| Integrity (I) | None | Low | High | |
| Availability (A) | None | Low | High |
| Attack Vector (AV) | Network | Adjacent | Local |
|---|---|---|---|
| Access Complexity (AC) | Low | Medium | High |
| Authentication (Au) | None | Single | Multiple |
| Confidentiality (C) | None | Parical | Complete |
| Integrity (I) | None | Partial | Complete |
| Availability (A) | None | Partial | Complete |
| CVE Infomation | Exploits or more Infomation |
|---|---|
| mitre | EXPLOIT DATABASE |
| NVD | 0day.today |
| vulmon.com | github |
| CVE Details | |
| JVN ENG JPN | |
| Reconshell |
Software Tag:
List of frequently cited URLs
| URL | Num of Times Referred to |
|---|---|
| https://cvetrends.com | 48 |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog | 9 |
| https://go.dhs.gov/Z3Q | 6 |
| https://twitter.com/CISACyber/status/1634227134930595840 | 3 |
List of frequently cited URLs
| URL | Num of Times Referred to |
|---|---|
| cvetrends.com | 48 |
| www.cisa.gov | 9 |
| go.dhs.gov | 6 |
| twitter.com | 3 |
| Name | URL |
|---|---|
| No Data | |
| Name | URL |
|---|---|
| No Data | |