CVE-2021-33959 : Plex media server 1.21 and before is vulnerable to ddos reflection attack via pl

Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.

Published 2023-01-18 14:15:11

Updated 2024-11-21 06:09:48

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-33959

Plex » Media Server
Versions up to, including, (<=) 1.21
cpe:2.3:a:plex:media_server:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

22.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

Assigned by: nvd@nist.gov (Primary)
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: nvd@nist.gov (Primary)

https://github.com/lixiang957/CVE-2021-33959

GitHub - lixiang957/CVE-2021-33959: CVE-2021-33959
Exploit;Third Party Advisory
https://www.freebuf.com/articles/web/260338.html

预警：基于Plex媒体播放平台的DDoS反射攻击来袭 - FreeBuf网络安全行业门户
Exploit;Technical Description;Third Party Advisory

CVEs referencing this url

Jump to