Plex Media Server < 1.21.3.4014 SSDP (PMSSDP) Reflection/Amplification DDoS Attack

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

1 year ago

Modified

Modified

1 year ago

Summary

Plex Media Server installations in a specific (and uncommon) network position could potentially be used to reflect UDP traffic on certain device-discovery ports as part of a possible DDoS (distributed denial-of-service) attack.

Insight

Insight

Plex Media Server instances which have either been deployed on a public-facing network DMZ or in an Internet Data Center (IDC), or with manually configured port-forwarding rules which forward specific UDP ports from the public Internet to devices running Plex Media Server, can potentially be abused as part of possible DDoS attacks. These actions can have the effect of exposing a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks.

Affected Software

Affected Software

Plex Media Server prior to version 1.21.3.4014.

Detection Method

Detection Method

Sends a crafted UDP request and checks the response.

Solution

Solution

Update to version 1.21.3.4014 or later. For mitigation steps see the referenced vendor response.

Get started for free to scan for vulnerabilities

Companies of all sizes use Mageni to scan their assets for vulnerabilities. Mageni is free for 7-days then $39 USD Monthly regardless of how many IPs, scans, deployments or users you have. Cancel at Anytime and 7-days Money-Back Guarantee. Developed and supported by certified CompTIA PenTest+ professionals. Mageni contributes 1% of your subscription to removing CO₂ from the atmosphere.

Get Started For Free
App screenshot