CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.4 | $0-$5k | 0.00 |
A vulnerability was found in Plex Media Server 0.9.9.10. It has been declared as problematic. This vulnerability affects some unknown processing of the component SSL/TLS Handler. The manipulation with an unknown input leads to an authentication spoofing vulnerability. The CWE definition for the vulnerability is CWE-290. This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. The known impact is on integrity.
The weakness was presented on 02/06/2014 by Stefan Viehböck of SEC Consult Vulnerability Lab as SEC Consult Vulnerability Lab Security Advisory 20140411-0 (advisory status not defined; published on the website). The advisory is available at sec-consult.com. The public release was coordinated in cooperation with the vendor. The attack can be initiated remotely. No form of authentication is required for successful exploitation. The technical details are unknown and an exploit is not available. The advisory points out:
The Plex Media Server offers HTTPS access via TCP port 32443. The certificate that is used is issued by "DigiCert Secure Server CA" which is a commonly trusted certificate authority. The certificate is issued to "*.hub.plex.tv". The private key for this certificate is included in the Plex software and can be extracted easily. The DNS server behind "hub.plex.tv" is configured to resolve subdomains relative to the IP indicated in the name. E.g. 1-2-3-4.hub.plex.tv resolves to the IP 1.2.3.4. This enables all Plex Media Servers to offer SSL/TLS services out of the box without prior configuration and using a valid certificate. For this to work the corresponding private key has to be included in the software. This enables active attackers to execute SSL MITM attacks as the private key is effectively public.
The suggested mitigation is to disable the affected component. A possible mitigation was published 3 months after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (92766). See 13137, 13139 and 13140 for similar entries.
CVSSv3
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 4.4
VulDB Base Score: 5.3
VulDB Temp Score: 4.4
Exploiting
Class: Authentication spoofing
CWE: CWE-290 / CWE-287
ATT&CK: Unknown
Local: No
Remote: Yes
Status: Unproven
Countermeasures
Recommended: Disable
Timeline
02/06/2014
02/06/2014
02/09/2014
02/10/2014
04/05/2014
04/25/2014
05/05/2014
08/09/2017
Sources
Advisory: SEC Consult Vulnerability Lab Security Advisory 20140411-0
Researcher: Stefan Viehböck
Organization: SEC Consult Vulnerability Lab
Status: Not defined
X-Force: 92766 - Plex Media Server SSL spoofing, Medium Risk
SecurityFocus: 66783 - Plex Media Server Multiple Security Vulnerabilities
Secunia: 57882 - Plex Media Server Multiple Vulnerabilities, Less Critical
Entry
Created: 05/05/2014 10:26
Updated: 08/09/2017 14:08
Changes: 05/05/2014 10:26 (50), 08/09/2017 14:08 (12)