SLP Vulnerability of High Severity Being Actively Exploited

    On November 8, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified a critical vulnerability in the Service Location Protocol (SLP), tracked as CVE-2023-29552, and added it to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. With a CVSS score of 7.5, this high-severity flaw is a denial-of-service (DoS) vulnerability that attackers can exploit to launch massive DoS amplification attacks. Security firms Bitsight and Curesec first disclosed this vulnerability in April 2023.

    The CVE-2023-29552 vulnerability enables an unauthenticated, remote attacker to register arbitrary services within the SLP. The attacker can then use spoofed UDP traffic to conduct a DoS attack with a significant amplification factor. SLP is a protocol that systems on a local area network (LAN) use to discover each other and establish communications, and this flaw critically weakens it.

    If exploited, CVE-2023-29552 allows an attacker to leverage vulnerable instances to launch a DoS attack, sending massive amounts of traffic to a victim via a reflection amplification attack. This type of attack has caused significant financial, reputational, and operational harm in recent years. The vulnerability leaves tens of thousands of devices vulnerable to these devastating attacks, posing a severe risk to the cybersecurity landscape.

    In response to the real-world attacks exploiting this flaw, federal agencies must apply necessary mitigations, including disabling the SLP service on systems running on untrusted networks, by November 29, 2023. This step is crucial to secure their networks against potential threats.
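    To find the systems that mitigation applies to, a defender can look for SLP servers answering peers outside the trusted LAN and measure how much larger their replies are than the requests. The following is an added example, not code from CISA, Bitsight or Curesec; the flow records, the trusted range and the threshold are constructed assumptions, and UDP port 427 is SLP's registered port.

```python
import ipaddress
from collections import defaultdict

SLP_PORT = 427                                   # SLP's registered port
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: the LAN where SLP is expected
RATIO_THRESHOLD = 10.0                           # assumption: tune against your own baseline

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
SAMPLE_FLOWS = [
    ("10.1.1.20", 51000, "10.1.1.5", 427, 60),        # LAN client discovery request
    ("10.1.1.5", 427, "10.1.1.20", 51000, 180),       # normal-sized reply
    ("198.51.100.7", 40000, "10.1.1.5", 427, 40),     # request claiming an off-LAN source
    ("10.1.1.5", 427, "198.51.100.7", 40000, 20000),  # oversized reply leaving the LAN
    ("198.51.100.7", 40001, "10.1.1.5", 427, 40),
    ("10.1.1.5", 427, "198.51.100.7", 40001, 20000),
]

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED)

def find_slp_reflection(flows, threshold=RATIO_THRESHOLD):
    """Report SLP servers replying to off-LAN peers, with reply/request byte ratio."""
    req = defaultdict(int)  # (server, peer) -> bytes received on UDP/427
    rsp = defaultdict(int)  # (server, peer) -> bytes sent from UDP/427
    for src, sport, dst, dport, size in flows:
        if dport == SLP_PORT:
            req[(dst, src)] += size
        elif sport == SLP_PORT:
            rsp[(src, dst)] += size
    findings = []
    for (server, peer), sent in sorted(rsp.items()):
        if is_trusted(peer):
            continue  # SLP traffic that stays inside the trusted LAN is expected
        received = req.get((server, peer), 0)
        # With spoofed sources the "peer" is the victim, so requests may be unseen.
        ratio = sent / received if received else float("inf")
        findings.append({"server": server, "peer": peer,
                         "ratio": round(ratio, 1),
                         "amplifying": ratio >= threshold})
    return findings

if __name__ == "__main__":
    for finding in find_slp_reflection(SAMPLE_FLOWS):
        print(finding)
```

    Any finding at all means SLP is reachable from an untrusted network and is a candidate for disabling; the `amplifying` flag marks servers whose replies already dwarf the requests.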

    The discovery and active exploitation of CVE-2023-29552 serve as a stark reminder of the ever-evolving cyber threat landscape and the importance of proactive measures in cybersecurity.
