The vulnerability, CVE-2020-5741, is a deserialisation flaw that can be exploited by an authenticated attacker in order to execute arbitrary code with the same privileges as the media server.
The 2022 Tenable Threat Landscape Report, published last week, reinforces this sobering reminder that known vulnerabilities are more dangerous and disruptive to security than zero days. We’ve seen time and time again cybercriminals and nation states routinely exploit known vulnerabilities with available patches to gain initial access into organisations and to elevate privileges once inside. Discovering and remediating the known and exploited vulnerabilities that represent the greatest risk to an organisation continues to be the most impactful way to limit risk.” — Scott Caveza, Senior Research Manager, Tenable.