Lucene search
PRIOn knowledge basePRION:CVE-2018-13415HistoryAug 13, 2018 - 5:29 p.m.
Xxe
2018-08-1317:29:00
PRIOn knowledge base
www.prio-n.com
3
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
| CPE | Name | Operator | Version |
|---|---|---|---|
| media_server | eq | 1.13.2.5154 |
Related
freebsd
freebsd
Plex Media Server -- Information Disclosure Vulnerability
2018-08-01 00:00:00
nessus
nessus
nvd
nvd
CVE-2018-13415
2018-08-13 17:29:00
zdt
zdt
cve
cve
CVE-2018-13415
2018-08-13 17:29:00
exploitpack
exploitpack
cvelist
cvelist
CVE-2018-13415
2018-08-13 17:00:00
packetstorm
packetstorm
Plex Media Server 1.13.2.5154 SSDP Processing XML Injection
2018-08-03 00:00:00
exploitdb
exploitdb