Lucene search
MitreCVELIST:CVE-2021-42835HistoryDec 08, 2021 - 2:34 p.m.
CVE-2021-42835
2021-12-0814:34:35
mitre
www.cve.org
3
plex media server
code execution
rpc service
toctou race condition
cve-2021-42835
EPSS
0.001
Percentile
49.4%
An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).
Related
openvas
openvas
Plex Media Server < 1.25.0 Privilege Escalation Vulnerability
2021-12-09 00:00:00
nessus
nessus
FreeBSD : Plex Media Server -- security vulnerability (98f78c7a-a08e-11ed-946e-002b67dfc673)
2023-01-30 00:00:00
Plex Media Server < 1.25.0.5282 Privilege Escalation
2021-12-29 00:00:00
freebsd
freebsd
Plex Media Server -- security vulnerability
2021-10-22 00:00:00
prion
prion
Race condition
2021-12-08 15:15:00
nvd
nvd
CVE-2021-42835
2021-12-08 15:15:10
githubexploit
githubexploit
cve
cve
CVE-2021-42835
2021-12-08 15:15:10