Threat Signal Report

CISA Adds CVE-2020-5741 and CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog

description-logo Description

FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2020-5741 (Plex Media Server remote code execution vulnerability) and CVE-2021-39144 (XStream Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities (KEV) catalog on March 10, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild and require federal agencies to apply patches by the due date.

Why is this Significant?

This is significant because CVE-2020-5741 (Plex Media Server Remote Code Execution Vulnerability) and CVE-2021-39144 (XStream Remote Code Execution Vulnerability) on the CISA's Known Exploited Vulnerabilities Catalog were observed to be actively exploited in the wild. As such, patches should be applied to both vulnerabilities as soon as possible.

What is CVE-2020-5741?

CVE-2020-5741 is a Remote Code Execution (RCE) vulnerability that affects Plex Media Server version 1.19.2 and prior. Successful exploitation allows a remote attacker to execute arbitrary Python code within the context of the application.

What is CVE-2021-39144?

CVE-2021-39144 is an Insecure Deserialization vulnerability that affects VMware library XStream version 1.4.17 and prior. The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker could exploit this to execute arbitrary code within the context of the application, via uploading a crafted XML file.

Have the Vendors Released a Patch for CVE-2020-5741 and CVE-2021-39144?

Yes. Patches for CVE-2020-5741 and CVE-2021-39144 are available.

What is the Status of Protection?

FortiGuard Labs has the following IPS protection in place for CVE-2020-5741 and CVE-2021-39144:

  • Plex.Media.Server.Dict.File.Remote.Code.Execution (CVE-2020-5741)
  • VMWare.NSX.Manager.XStream.CVE-2021-39144.Deserialization (CVE-2021-39144)