The XML parser doesn't disable inline DTD parsing by default, or does not provide a means to disable it, AFAIK.
The XML parsing engine in the SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
- Access arbitrary files from the filesystem with the same permissions as the user account running UMS.
- Initiate SMB connections to capture the NetNTLM challenge/response and crack it to the clear-text password.
- Initiate SMB connections to relay the NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
Exploitation can be demonstrated using evil-ssdp (https://gitlab.com/initstring/evil-ssdp).