Title: Out-of-Band XXE in SSDP Processing of Plex Media Server
CVE: CVE-2018-13415 (Plex Media Server)
Discovery: Chris Moberly on behalf of The Missing Link Security
The XML parsing engine for various media server applications is vulnerable to an XML External Entity
Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
- Access arbitrary files from the filesystem with the same permission as the user account running UMS.
- Initiate SMB connections to capture NetNTLM challenge/response and crack to clear-text password.
- Initiate SMB connections to relay NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
Plex 126.96.36.19954 and prior