CVE-2018-13415

high-risk

Published 2018-08-13

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

Do I need to act?

32.3% chance of exploitation in next 30 days

EPSS score — higher than 68% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45146

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Media Server

Affected Vendors

Plex

References (4)

Exploit http://seclists.org/fulldisclosure/2018/Aug/1

Exploit https://www.exploit-db.com/exploits/45146/

Exploit http://seclists.org/fulldisclosure/2018/Aug/1

Exploit https://www.exploit-db.com/exploits/45146/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 16/34 · Moderate

Exposure 5/34 · Minimal