The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities catalog to include a high-severity vulnerability in the Service Location Protocol (SLP), identified as CVE-2023-29552, with a CVSS score of 7.5. The vulnerability is a denial-of-service (DoS) flaw and has been observed in active exploitation.
The vulnerability, initially disclosed by Bitsight and Curesec in April, allows an unauthenticated, remote attacker to register services with SLP and then use spoofed UDP traffic to launch a DoS attack with a considerable amplification factor. SLP is a protocol used for discovering and establishing communications between systems on a local area network (LAN).
Although specific details about the exploitation of this vulnerability remain unclear, Bitsight previously indicated that it could be used to conduct DoS attacks with a high amplification factor, enabling even low-resource threat actors to significantly impact targeted networks or servers through reflection DoS amplification attacks.
In response to the active exploitation of this vulnerability, CISA has directed federal agencies to apply the necessary mitigations, which include disabling the SLP service on systems operating within untrusted networks. This measure, to be completed by November 29, 2023, is crucial for safeguarding networks against potential threats stemming from this high-severity vulnerability.
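To find systems that still need the mitigation above, a defender can audit flow records for SLP servers that answer peers outside the trusted LAN and check how much larger the responses are than the requests. The following Python sketch is an added example, not code from CISA, Bitsight or Curesec; the flow-record layout, the trusted network range, the ratio threshold and the function names are assumptions, and port 427 is SLP's registered port rather than a value taken from this article.

```python
import ipaddress
from collections import defaultdict

SLP_PORT = 427  # SLP's registered port; a known fact, not stated on the page
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: the trusted LAN
MIN_RATIO = 10.0  # assumption: response/request byte ratio treated as amplification

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("203.0.113.9", 40000, "10.0.0.5", 427, "udp", 40),
    ("203.0.113.9", 40000, "10.0.0.5", 427, "udp", 40),
    ("10.0.0.5", 427, "203.0.113.9", 40000, "udp", 12000),
    ("10.0.0.5", 427, "203.0.113.9", 40000, "udp", 12000),
    ("198.51.100.2", 5000, "10.0.0.8", 427, "udp", 50),
    ("10.0.0.8", 427, "198.51.100.2", 5000, "udp", 60),
    ("10.0.0.7", 51000, "10.0.0.6", 427, "udp", 60),   # in-LAN discovery
    ("10.0.0.6", 427, "10.0.0.7", 51000, "udp", 120),
]

def is_trusted(ip):
    """True when the address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def audit_slp_flows(flows, min_ratio=MIN_RATIO):
    """List SLP servers answering peers outside TRUSTED_NETS, with byte ratios."""
    req = defaultdict(int)   # (server, peer) -> bytes received on UDP/427
    resp = defaultdict(int)  # (server, peer) -> bytes sent from UDP/427
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == SLP_PORT:
            req[(dst, src)] += nbytes
        elif sport == SLP_PORT:
            resp[(src, dst)] += nbytes
    findings = []
    for (server, peer), out_bytes in sorted(resp.items()):
        if is_trusted(peer):
            continue  # in-LAN SLP traffic is the protocol's intended use
        in_bytes = req.get((server, peer), 0)
        ratio = out_bytes / in_bytes if in_bytes else float("inf")
        findings.append({"server": server, "peer": peer, "ratio": round(ratio, 1),
                         "amplifying": ratio >= min_ratio})
    return findings

if __name__ == "__main__":
    for finding in audit_slp_flows(SAMPLE_FLOWS):
        print(finding)
```

Every server in the output is reachable over SLP from an untrusted network and is a candidate for disabling the service; entries marked `amplifying` are already returning far more data than they receive.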