What is CVE-2018-13415?

CVE-2018-13415 is a vulnerability in Plex Media Server 1.13.2.5154 that allows remote, unauthenticated attackers to perform an XML External Entity Processing (XXE) attack.

How severe is CVE-2018-13415?

CVE-2018-13415 has a severity rating of 9.8 which is considered critical.

How does CVE-2018-13415 work?

CVE-2018-13415 exploits a vulnerability in the XML parsing engine used for SSDP/UPnP functionality in Plex Media Server, allowing attackers to access arbitrary files from the filesystem with the same permissions as the user running the server.

Is the CVE-2018-13415 vulnerability patched?

Yes, CVE-2018-13415 has been patched in Plex Media Server. It is recommended to update to the latest version to mitigate the vulnerability.

How can I mitigate the CVE-2018-13415 vulnerability?

To mitigate the CVE-2018-13415 vulnerability, update Plex Media Server to the latest version.

Vulnerability/
CVE-2018-13415

critical

9.8

CWE

611

13/8/2018

5/8/2024

CVE-2018-13415: XEE

First published: Mon Aug 13 2018(Updated: )

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Plex Media Server	=1.13.2.5154

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-13415?
CVE-2018-13415 is a vulnerability in Plex Media Server 1.13.2.5154 that allows remote, unauthenticated attackers to perform an XML External Entity Processing (XXE) attack.
How severe is CVE-2018-13415?
CVE-2018-13415 has a severity rating of 9.8 which is considered critical.
How does CVE-2018-13415 work?
CVE-2018-13415 exploits a vulnerability in the XML parsing engine used for SSDP/UPnP functionality in Plex Media Server, allowing attackers to access arbitrary files from the filesystem with the same permissions as the user running the server.
Is the CVE-2018-13415 vulnerability patched?
Yes, CVE-2018-13415 has been patched in Plex Media Server. It is recommended to update to the latest version to mitigate the vulnerability.
How can I mitigate the CVE-2018-13415 vulnerability?
To mitigate the CVE-2018-13415 vulnerability, update Plex Media Server to the latest version.

collector/nvd-index
agent/references
agent/author
agent/severity
agent/weakness
agent/description
agent/tags
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/plex
canonical/plex media server
version/plex media server/1.13.2.5154

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.