Test ID:	1.3.6.1.4.1.25623.1.0.145346
Category:	Denial of Service
Title:	Plex Media Server < 1.21.3.4014 SSDP (PMSSDP) Reflection/Amplification DDoS Attack
Summary:	Plex Media Server installations in a specific (and uncommon); network position could potentially be used to reflect UDP traffic on certain device-discovery; ports as part of a possible DDoS (distributed denial-of-service) attack.
Description:	Summary: Plex Media Server installations in a specific (and uncommon) network position could potentially be used to reflect UDP traffic on certain device-discovery ports as part of a possible DDoS (distributed denial-of-service) attack. Vulnerability Insight: Plex Media Server instances which have either been deployed on a public-facing network DMZ or in an Internet Data Center (IDC), or with manually configured port-forwarding rules which forward specific UDP ports from the public Internet to devices running Plex Media Server, can potentially be abused as part of possible DDoS attacks. These actions can have the effect of exposing a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks. Affected Software/OS: Plex Media Server prior to version 1.21.3.4014. Solution: Update to version 1.21.3.4014 or later. For mitigation steps see the referenced vendor response. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.