Plex patches media server bug potentially exploited by DDoS attackers
Media company Plex has fixed a vulnerability in its media server that could have been used by hackers to strengthen DDoS attacks.
In an announcement released last Friday and updated on Saturday, Plex said that it has issued hotfix 66 for Plex Media Server to address the flaw in its product.
As described in an alert issued by network monitoring firm Netscout a couple of days earlier, a Plex Media Server that responds to UDP requests from the public internet could have been used by cybercriminals to amplify DDoS attacks.
The fix is available in Plex Media Server v1.21.3.4014 or newer and is accessible to both public and beta users of Plex Media Server through the regular Downloads page.
A Plex spokesperson told TechRepublic that the report was correct in saying that a Plex Media Server accessible over the public internet through UDP on port 32414 could be used to reflect traffic and amplify a DDoS attack.
"If a Plex Media Server user chooses to enable remote access, Plex Media Server will attempt to use UPnP to open access to TCP on port 32400," the spokesperson said.