Vulnerabilities > CVE-2018-13416 - XXE vulnerability in Spirton Universal Media Server 7.1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection. CVE-2018-13416. Webapps exploit for XML platform. Tags: XML External Entity (XXE) |
| file | exploits/xml/webapps/45133.txt |
| id | EDB-ID:45133 |
| last seen | 2018-08-02 |
| modified | 2018-08-02 |
| platform | xml |
| port | |
| published | 2018-08-02 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45133/ |
| title | Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/148767/ums-xxe.txt |
| id | PACKETSTORM:148767 |
| last seen | 2018-08-04 |
| published | 2018-08-01 |
| reporter | Chris Moberly |
| source | https://packetstormsecurity.com/files/148767/Universal-Media-Server-7.1.0-XML-Injection.html |
| title | Universal Media Server 7.1.0 XML Injection |