Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2023-29552
HistoryApr 25, 2023 - 4:51 p.m.

CVE-2023-29552

2023-04-2516:51:31
redhat.com
access.redhat.com
31
service location protocol
slp
udp
denial of service
reflective attack
amplification
spoofing
firewall configuration

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.023 Low

EPSS

Percentile

89.7%

JSON

.The Service Location Protocol (SLP) is vulnerable to an attack through UDP The OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address. To prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427.

Related

thn 2
ubuntucve 1
cisa_kev 1
nessus 6
broadcom 1
cvelist 1
githubexploit 1
f5 1
attackerkb 1
cve 1
prion 1
nvd 1
hp 1
impervablog 1
thn
thn
New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
2023-04-25 13:26:00
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
2023-11-09 05:33:00
ubuntucve
ubuntucve
CVE-2023-29552
2023-04-24 00:00:00
cisa_kev
cisa_kev
Service Location Protocol (SLP) Denial-of-Service Vulnerability
2023-11-08 00:00:00
nessus
nessus
ESXi < 7.0 Reflected Denial of Service
2023-05-23 00:00:00
SLP Server Detection (TCP)
2006-12-07 00:00:00
RHEL 9 : openslp (Unpatched Vulnerability)
2024-06-03 00:00:00
broadcom
broadcom
CVE-2023-29552 - Abuse of the Service Location Protocol May Lead to DoS Attacks
2023-05-19 00:00:00
cvelist
cvelist
CVE-2023-29552
2023-04-25 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Netapp Smi-S Provider
2023-10-27 09:17:21
f5
f5
K000133692 : OpenSLP vulnerability CVE-2023-29552
2023-04-28 00:00:00
attackerkb
attackerkb
CVE-2023-29552
2023-04-25 00:00:00
cve
cve
CVE-2023-29552
2023-04-25 16:15:09
prion
prion
Code injection
2023-04-25 16:15:00
nvd
nvd
CVE-2023-29552
2023-04-25 16:15:09
hp
hp
Tera2 Zero Client and Remote Workstation Card Firmware – Service Location Protocol
2024-02-23 00:00:00
impervablog
impervablog
CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks
2023-05-04 13:19:13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.023 Low

EPSS

Percentile

89.7%

JSON
Related for RH:CVE-2023-29552
thn2ubuntucve1cisa_kev1nessus6broadcom1cvelist1githubexploit1f51attackerkb1cve1prion1nvd1hp1impervablog1