The XML parsing engine for various media server applications is vulnerable to an XML External Entity
Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
- Access arbitrary files from the filesystem with the same permission as the user account running UMS.
- Initiate SMB connections to capture NetNTLM challenge/response and crack to clear-text password.
- Initiate SMB connections to relay NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
Plex 188.8.131.5254 and prior