A vulnerability in the Service Location Protocol (SLP) has been discovered by researchers from Bitsight and Curesec. The SLP, as defined in RFC 2608, can allow an unauthenticated remote attacker to register arbitrary services. This can be used to conduct a high amplification factor DoS attack with spoofed source addresses.
The researchers have identified the vulnerability as CVE-2023-29552.
Bitsight notes that many SLP services visible on the internet appear to be older and likely abandoned systems. This means that administrators should consider disabling or restricting network access to SLP servers. Other organizations, such as VMware, have already evaluated the vulnerability and provided responses.
They can be found in the VMware Response to CVE-2023-29552.
To prevent the likelihood and impact of DoS attacks, the Cybersecurity and Infrastructure Security Agency (CISA) urges organizations to review Bitsight’s blog post and see CISA’s article on Understanding and Responding to Distributed Denial-of-Service Attacks for guidance.
Denial-of-service attacks can be highly disruptive and can cause significant damage, both in terms of financial costs and reputational damage. By taking steps to secure their networks, organizations can reduce the risk of being targeted by these attacks.
