Insufficient verification of data authenticity in OpenSLP - CVE-2023-29552
Published: April 26, 2023 / Updated: November 8, 2023
Vulnerability identifier: #VU75503
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-29552
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: openslp.org
Affected software:
OpenSLP
OpenSLP
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper verification of data authenticity when handling SLP packets sent to port 247/UDP. A remote attacker can send small requests to a server with a spoofed source IP address that corresponds to the victim's IP address and perform reflective DoS amplification attack.
How to mitigate CVE-2023-29552
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Sources
- https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html
- https://datatracker.ietf.org/doc/html/rfc2608
- https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
- https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks
- https://www.suse.com/support/kb/doc/?id=000021051