CVE-2023-29552
CVE-2023-29552
In short
The Service Location Protocol (SLP) allows attackers to register fake services using spoofed traffic, enabling them to flood networks and disrupt service availability. This is dangerous because attackers can amplify their attack power without needing to authenticate.
Technical detail
CVE-2023-29552 exploits unauthenticated SLP service registration to enable UDP-based denial-of-service attacks with amplification. An attacker can send spoofed UDP packets registering arbitrary services, causing the SLP infrastructure to generate disproportionately large responses that overwhelm target networks. No authentication or special privileges are required for exploitation.
Summary generated and translated by AI from the official description.
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.htmlhttps://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.htmlhttps://datatracker.ietf.org/doc/html/rfc2608https://github.com/curesec/slploadhttps://security.netapp.com/advisory/ntap-20230426-0001/https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slphttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attackshttps://www.suse.com/support/kb/doc/?id=000021051