CVE-2023-29552
unknown
KEV
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
1.5
Description
The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.
CISA KEV
- Vendor
- IETF
- Product
- Service Location Protocol (SLP)
- Due date
- 2023-11-29
Predictions
Exploit likelihood
99%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
{Vendor advisory: cisa-kev โ This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on the patching status. For more information please see https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp and https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks.; https://nvd.nist.gov/vuln/detail/CVE-2023-29552}
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
References
- https://www.suse.com/security/cve/CVE-2023-29552.html
- This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on the patching status. For more information please see https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp and https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks.; https://nvd.nist.gov/vuln/detail/CVE-2023-29552
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.