- May 24, 2023: Mitigation instructions.
- April 26, 2023: Published.
Service Location Protocol (SLP) is a legacy Internet protocol that provides a dynamic configuration mechanism for applications in local area networks allowing systems on a network to find each other and communicate with each other. SLP was not intended to be made available to the public Internet. However, the protocol has been found in a variety of instances connected to the Internet.
The vulnerability in SLP [CVE-2023-29552] allows an attacker to leverage vulnerable instances of SLP to launch a DoS attack — sending massive amounts of traffic to a victim — via a reflective amplification attack.
All SLP implementations are potentially affected. Over 2,000 organizations were identified as having vulnerable instances. Attackers could leverage these vulnerable instances to launch a DoS attack targeting the system owners and/or other organizations.
Mitigation & Remediation
To protect against CVE-2023-29552, disable SLP on all systems running on untrusted networks, like those directly connected to the Internet. If that is not possible, configure firewalls to filter traffic on UDP and TCP port 427. This will prevent external attackers from accessing the SLP service.
Continuous Monitoring Application
Use Vulnerability Detection to search for “CVE-2023-29552.” Any of your partners using vulnerable instances will be shown, allowing you to prioritize remediation efforts.
Security Performance Management Application
Use Vulnerability Detection to search for “CVE-2023-29552.” Any vulnerable devices deployed in your organization will be shown, providing you with what you need to secure your organization.