The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.
Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS attacks using spoofed source addresses.
As noted by Bitsight, many SLP services visible on the internet appear to be older and likely abandoned systems. Administrators should consider disabling or restricting network access to SLP servers. Some organizations such as VMware have evaluated CVE-2023-29552 and have provided a response, see VMware Response to CVE-2023-29552 – reflective Denial-of-Service (DoS) amplification vulnerability in SLP for more information.
CISA urges organizations to review Bitsight’s blog post for more details and see CISA’s article on Understanding and Responding to Distributed Denial-of-Service Attacks for guidance on reducing the likelihood and impact of DoS attacks.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025. These advisories provide…
CISA released one Industrial Control Systems (ICS) advisory on July 8, 2025. These advisories provide…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
This website uses cookies.