Plex has patched and mitigated three vulnerabilities affecting Plex Media Server for Windows that could enable attackers to take full control of the underlying system when chained together.
Plex Media Server is a desktop app and the backend server for the Plex media streaming service, designed for streaming movies, TV shows, music, and photo collections to over the Internet and on local area networks.
The three vulnerabilities tracked
CVE-2020-5740,
CVE-2020-5741, and
CVE-2020-5742 were found by Tenable security researcher Chris Lyne and reported to Plex on May 31st.
If attackers chain together exploits for all these security flaws, they could remotely execute code as SYSTEM, fully taking over the operating system, gain access to all files, deploy backdoors, or move laterally to other devices on the same network.
... ...