CyberSec Talk with Asfi!

Wild Exploitation of SLP Vulnerability Unleashes Amplified DoS Attacks, CISA Warns
CISA's alarm bells ring as threat actors exploit a Service Location Protocol (SLP) vulnerability, unleashing high-amplification denial-of-service (DoS) attacks. Tracked as CVE-2023-29552 with a potent CVSS score of 8.6, this flaw, unveiled in April, grants attackers the ability to register services and magnify DoS strikes with spoofed UDP traffic.
This unique security loophole marries reflective DoS amplification with service registration, potentially leading to a staggering 2,000-fold amplification, experts warn. SLP, an aging protocol designed for local network discovery, has found itself unexpectedly exposed to the public internet, leaving thousands of systems vulnerable.
Major vendors like VMware and NetApp have acknowledged the impact, advising administrators to either deactivate SLP or secure instances from internet exposure. Taking action, CISA adds CVE-2023-29552 to its roster of actively exploited vulnerabilities, prompting urgent application of available safeguards.
Administrators are urged to disable SLP on internet-facing systems and implement strict firewall rules to curb traffic on critical ports. With PoC code available since April, the urgency of addressing this issue is clear, especially for federal agencies, given the 21-day mandate to secure vulnerable systems.
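For defenders who want to check whether one of their own SLP hosts is already being used as a reflector, here is a small detection sketch. It is an added example, not part of the original post or of any CISA or vendor tooling. It assumes flow records exported as `proto,src,sport,dst,dport,bytes` (a constructed format), a threshold of 10x chosen for illustration, and SLP's registered port 427, which the article does not name.

```python
import csv
import io
from collections import defaultdict

SLP_PORT = 427  # SLP's registered port; assumption, not stated in the article

# Constructed flow records (documentation address ranges):
# proto, src, sport, dst, dport, bytes
SAMPLE_FLOWS = """\
udp,198.51.100.7,40112,203.0.113.10,427,29
udp,203.0.113.10,427,198.51.100.7,40112,48000
udp,198.51.100.7,40113,203.0.113.10,427,29
udp,203.0.113.10,427,198.51.100.7,40113,51000
udp,192.0.2.50,51000,203.0.113.20,427,60
udp,203.0.113.20,427,192.0.2.50,51000,140
tcp,192.0.2.50,51200,203.0.113.10,443,900
"""


def slp_amplification(flow_csv, min_ratio=10.0):
    """Return {(server, peer): ratio} for every SLP server that sent a peer
    at least min_ratio times the bytes that peer appeared to send it."""
    req = defaultdict(int)   # bytes toward UDP/427, keyed by (server, peer)
    resp = defaultdict(int)  # bytes from UDP/427, keyed by (server, peer)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 6 or row[0] != "udp":
            continue  # skip blank/malformed rows and non-UDP traffic
        _, src, sport, dst, dport, nbytes = row
        if int(dport) == SLP_PORT:
            req[(dst, src)] += int(nbytes)
        elif int(sport) == SLP_PORT:
            resp[(src, dst)] += int(nbytes)
    findings = {}
    for key, out_bytes in resp.items():
        in_bytes = req.get(key, 0)
        # Replies with no recorded request are treated as unbounded amplification.
        ratio = round(out_bytes / in_bytes, 1) if in_bytes else float("inf")
        if ratio >= min_ratio:
            findings[key] = ratio
    return findings


if __name__ == "__main__":
    for (server, peer), ratio in slp_amplification(SAMPLE_FLOWS).items():
        print(f"{server} answered {peer} with {ratio}x the request bytes")
```

Because the request source is spoofed in a reflection attack, the flagged peer is the likely victim rather than the sender; the host to fix is the server in the first position.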