The XML parsing engine for Plex Media Server's SSDP/UPNP
functionality is vulnerable to an XML External Entity
Processing (XXE) attack. Unauthenticated attackers on the same LAN can
use this vulnerability to:
- Access arbitrary files from the filesystem with the same permission as
the user account running Plex.
- Initiate SMB connections to capture NetNTLM challenge/response and
crack to clear-text password.
- Initiate SMB connections to relay NetNTLM challenge/response and
achieve Remote Command Execution in Windows domains.