CISA Warns of Service Location Protocol (SLP) Denial-of-Service Vulnerability (CVE-2023-29552)

Qualys Security Advisory

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an alert for a vulnerability in n the Service Location Protocol (SLP). Tracked as CVE-2023-29552, it has been given a high severity rating with a CVSS score of 7.8. Successful exploitation of the vulnerability will allow an attacker to launch a denial-of-service attack. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before November 29, 2023.

Security researchers from Bitsight and Curesec jointly discovered the vulnerability in April. Bitsight has mentioned in their blog that they have found over 2,000 global organizations and over 54,000 SLP instances — including VMware ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module (IMM), SMC IPMI, and others. These organizations around the globe were vulnerable to DoS attacks.

SLP protocol provides a dynamic configuration mechanism for applications in local area networks. Systems on a network can locate and communicate using SLP protocol. To accomplish this, it uses a directory of available services, which may include file servers, printers, and other network resources.

VMware has addressed reflective denial-of-service amplification vulnerability in SLP for ESXi in April 2023. An attacker may exploit this vulnerability to stage a DoS attack with a high amplification factor. An attacker may cause severe damage to the targeted network and/or server via a reflection DoS amplification attack.

Affected versions

The vulnerability affects VMware ESXi version 6.7.x.

Mitigation

Customers are requested to upgrade to VMware ESXi 7.0 U2c and ESXi 8.0 GA and newer to patch the vulnerability.

For more information, please refer to the VMware Blog.

Qualys Detection

Qualys customers can scan their devices with QIDs 216311 and 216312 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html

READ MORE