CVE-2023-29552

Warnung

Exploit

EPSS 93.54%
Veröffentlicht 25.04.2023 16:15:09
Zuletzt bearbeitet 27.03.2025 14:08:54
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netapp ≫ Smi-s Provider Version-

Suse ≫ Manager Server Version-

Suse ≫ Linux Enterprise Server Version11 Update-

Suse ≫ Linux Enterprise Server Version12 Update-

Suse ≫ Linux Enterprise Server Version12 Update- SwPlatformsap

Suse ≫ Linux Enterprise Server Version15 SwPlatform-

Suse ≫ Linux Enterprise Server Version15 SwPlatformsap

VMware ≫ ESXi Version < 7.0

Service Location Protocol Project ≫ Service Location Protocol Version-

08.11.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Service Location Protocol (SLP) Denial-of-Service Vulnerability

Schwachstelle

The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

Beschreibung

Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.54%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H