Service Location Protocol Vulnerability [CVE-2023-29552] – April 26, 2023

We discovered a high-severity vulnerability in the Service Location Protocol (SLP) [CVE-2023-29552], a legacy Internet protocol. Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) reflective amplification attacks with a factor as high as 2200 times, potentially making it one of the largest amplification attacks ever reported.

See mitigation & remediation instructions.

Refer to the following resources for more details:

• Bitsight Blog, “New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)”
• NIST, “CVE-2023-29552 Detail”
• CISA, “Abuse of the Service Location Protocol May Lead to DoS Attacks”