CVE-2023-29552
HIGH | CISA KEV | 7.5
Description
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 4/25/2023
Last Modified: 10/31/2025
Source: kev
Honeypot Observations: 0
CISA KEV
Vendor: IETF
Product: Service Location Protocol (SLP)
Vulnerability Name: Service Location Protocol (SLP) Denial-of-Service Vulnerability
KEV Date Added: 2023-11-08
Remediation Due Date: 2023-11-29
Used in Ransomware: Unknown
Affected Products
netapp:smi-s_provider
service_location_protocol_project:service_location_protocol
suse:linux_enterprise_server
suse:manager_server
vmware:esxi
References
https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html (cve@mitre.org)
https://datatracker.ietf.org/doc/html/rfc2608 (cve@mitre.org)
https://github.com/curesec/slpload (cve@mitre.org)
https://security.netapp.com/advisory/ntap-20230426-0001/ (cve@mitre.org)
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp (cve@mitre.org)
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks (cve@mitre.org)
https://www.suse.com/support/kb/doc/?id=000021051 (cve@mitre.org)
https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html (af854a3a-2127-422b-91ae-364da2661108)
https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html (af854a3a-2127-422b-91ae-364da2661108)
https://datatracker.ietf.org/doc/html/rfc2608 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/curesec/slpload (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230426-0001/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks (af854a3a-2127-422b-91ae-364da2661108)
https://www.suse.com/support/kb/doc/?id=000021051 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.