CVE-2023-29552

Warning
Exploit

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Data is provided by the National Vulnerability Database (NVD)
Netapp Smi-s Provider, Version -
Suse Manager Server, Version -
Suse Linux Enterprise Server, Version 11, Update -
Suse Linux Enterprise Server, Version 12, Update -
Suse Linux Enterprise Server, Version 12, Update -, SwPlatform sap
Suse Linux Enterprise Server, Version 15, SwPlatform -
Suse Linux Enterprise Server, Version 15, SwPlatform sap
VMware ESXi, Version < 7.0

08.11.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Service Location Protocol (SLP) Denial-of-Service Vulnerability

Description: The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

Required actions: Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 93.54% | 0.998

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H