CVE-2021-42835

moderate-risk

Published 2021-12-08

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).

Do I need to act?

14.2% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (1)

Media Server

Affected Vendors

Plex

References (8)

Third Party Advisory https://bugsec.com/experts_teams/

Vendor Advisory https://forums.plex.tv/t/security-regarding-cve-2021-42835/761510

Exploit https://ir-on.io/2021/12/02/local-privilege-plexcalation/

Product https://www.plex.tv/media-server-downloads/

Third Party Advisory https://bugsec.com/experts_teams/

Vendor Advisory https://forums.plex.tv/t/security-regarding-cve-2021-42835/761510

Exploit https://ir-on.io/2021/12/02/local-privilege-plexcalation/

Product https://www.plex.tv/media-server-downloads/

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 12/34 · Low

Exposure 5/34 · Minimal