Insufficient verification of data authenticity in OpenSLP - CVE-2023-29552
Published: April 26, 2023 / Updated: November 8, 2023
Vulnerability identifier: #VU75503
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-29552
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
OpenSLP
OpenSLP
Software vendor:
openslp.org
openslp.org
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper verification of data authenticity when handling SLP packets sent to port 247/UDP. A remote attacker can send small requests to a server with a spoofed source IP address that corresponds to the victim's IP address and perform reflective DoS amplification attack.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
External links
- https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html
- https://datatracker.ietf.org/doc/html/rfc2608
- https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
- https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks
- https://www.suse.com/support/kb/doc/?id=000021051