← Volver a CVEs
CVE-2023-29552
HIGHCISA KEV7.5
Descripcion
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/25/2023
Ultima modificacion10/31/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorIETF
ProductoService Location Protocol (SLP)
Nombre vulnerabilidadService Location Protocol (SLP) Denial-of-Service Vulnerability
Fecha inclusion KEV2023-11-08
Fecha limite remediacion2023-11-29
Uso en ransomwareUnknown
Productos afectados
netapp:smi-s_providerservice_location_protocol_project:service_location_protocolsuse:linux_enterprise_serversuse:manager_servervmware:esxi
Referencias
https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html(cve@mitre.org)
https://datatracker.ietf.org/doc/html/rfc2608(cve@mitre.org)
https://github.com/curesec/slpload(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20230426-0001/(cve@mitre.org)
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp(cve@mitre.org)
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks(cve@mitre.org)
https://www.suse.com/support/kb/doc/?id=000021051(cve@mitre.org)
https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html(af854a3a-2127-422b-91ae-364da2661108)
https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html(af854a3a-2127-422b-91ae-364da2661108)
https://datatracker.ietf.org/doc/html/rfc2608(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/curesec/slpload(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230426-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks(af854a3a-2127-422b-91ae-364da2661108)
https://www.suse.com/support/kb/doc/?id=000021051(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.