Service Location Protocol Vulnerability [CVE-2023-29552]

Ingrid

Service Location Protocol (SLP) is a legacy Internet protocol that provides a dynamic configuration mechanism for applications in local area networks, allowing systems on a network to find and communicate with each other. SLP was not intended to be made available to the public Internet. However, the protocol has been found in a variety of instances connected to the Internet.

The vulnerability in SLP [CVE-2023-29552] allows an attacker to leverage vulnerable instances of SLP to launch a DoS attack (sending massive amounts of traffic to a victim) via a reflective amplification attack.

All SLP implementations are potentially affected. Over 2,000 organizations were identified as having vulnerable instances. Attackers could leverage these vulnerable instances to launch a DoS attack targeting the system owners and/or other organizations.

Mitigation & Remediation

To protect against CVE-2023-29552, disable SLP on all systems running on untrusted networks, like those directly connected to the Internet. If that is not possible, configure firewalls to filter traffic on UDP and TCP port 427. This will prevent external attackers from accessing the SLP service.

Continuous Monitoring Application

Use Vulnerability Detection to search for CVE-2023-29552. Any of your partners using vulnerable instances will be shown, allowing you to prioritize remediation efforts.

Security Posture Management Application

Use Vulnerability Detection to search for CVE-2023-29552. Any vulnerable devices deployed in your organization will be shown, providing you with what you need to secure your organization.

Resources

Bitsight Blog, “New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)”
NIST, “CVE-2023-29552 Detail”
CISA, “Abuse of the Service Location Protocol May Lead to DoS Attacks”

March 19, 2026: Security Posture Management rebrand.
May 24, 2023: Mitigation instructions.
April 26, 2023: Published.
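
As an added example (not Bitsight's code and not part of the original article), one way to check the "disable SLP" mitigation on a Linux host is to parse the output of `ss -lntu` and report any listener on port 427 that is bound to something other than loopback. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

SLP_PORT = "427"  # UDP and TCP port named in the mitigation section

# Constructed sample of `ss -lntu` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:427         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:427       0.0.0.0:*
tcp   LISTEN 0      128    [::]:427            [::]:*
tcp   LISTEN 0      128    [::1]:427           [::]:*
tcp   LISTEN 0      128    192.0.2.10:4270     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
udp   UNCONN 0      0      192.0.2.10%eth0:427 0.0.0.0:*
"""


def is_loopback(addr: str) -> bool:
    """True only for loopback binds; wildcard binds ('*', 0.0.0.0, ::) are not."""
    # Drop any %iface scope first, then the IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    if addr == "*":
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it


def exposed_slp_listeners(ss_output: str) -> list[tuple[str, str]]:
    """Return (protocol, local address) for each non-loopback listener on port 427."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line, or another socket family
        # Split on the last colon so bracketed IPv6 addresses stay intact.
        addr, _, port = fields[4].rpartition(":")
        if port == SLP_PORT and not is_loopback(addr):
            findings.append((fields[0], addr))
    return findings


if __name__ == "__main__":
    for proto, addr in exposed_slp_listeners(SAMPLE_SS_OUTPUT):
        print(f"SLP reachable beyond loopback: {proto} {addr}:{SLP_PORT}")
```

An empty result only shows that nothing on the host is listening on port 427 beyond loopback; it does not show that a firewall filters the port, which has to be verified from outside the network boundary.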