Remote code execution
XStream, Plex Media Server Flaws Added to CISA’s Known Exploited Vulnerabilities List
XStream contains a remote code execution vulnerability that an attacker can exploit to execute a local command on the server by manipulating the processed input stream and replacing or injecting objects. VMware, whose Cloud Foundation product uses the XStream open source library, said the vulnerability is in the critical severity range.
A similar flaw found in Plex Media Server was also added to the list of known exploited vulnerabilities, CISA said. According to the catalog, the Plex vulnerability allows an attacker with access to the server administrator’s Plex account to upload a malicious file via the camera upload feature and have the media server execute it.
Plex said the file upload can be done by changing the location of the server data directory to match the content location for a library on which the camera upload feature was enabled. The company has implemented measures to mitigate the issue, including removing the ability to change the data directory location. Plex noted that the vulnerability cannot be exploited without access to a Plex Media Server administrator account.
The federal civilian executive branch agencies are required to remediate the vulnerabilities by March 31 to reduce exposure to cyberattacks.
Tags: cybersecurity, Cybersecurity and Infrastructure Security Agency, Known Exploited Vulnerabilities Catalog, Plex Media Server, VMware Cloud Foundation, XStream