{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-29552", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T14:14:38.816Z", "dateReserved": "2023-04-07T00:00:00", "datePublished": "2023-04-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-26T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://datatracker.ietf.org/doc/html/rfc2608"}, {"url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp"}, {"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html"}, {"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks"}, {"url": "https://www.suse.com/support/kb/doc/?id=000021051"}, {"url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html"}, {"url": "https://github.com/curesec/slpload"}, {"url": "https://security.netapp.com/advisory/ntap-20230426-0001/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:38.816Z"}, "title": "CVE Program Container", "references": [{"url": "https://datatracker.ietf.org/doc/html/rfc2608", "tags": ["x_transferred"]}, {"url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp", "tags": ["x_transferred"]}, {"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks", "tags": ["x_transferred"]}, {"url": "https://www.suse.com/support/kb/doc/?id=000021051", "tags": ["x_transferred"]}, {"url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html", "tags": ["x_transferred"]}, {"url": "https://github.com/curesec/slpload", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230426-0001/", "tags": ["x_transferred"]}]}]}}

{}

{"cisaActionDue": "2023-11-29", "cisaExploitAdd": "2023-11-08", "cisaRequiredAction": "Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet.", "cisaVulnerabilityName": "Service Location Protocol (SLP) Denial-of-Service Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:manager_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4E8CE0B-23E7-45BF-AAFB-AD12DC7EB0F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:sap:*:*", "matchCriteriaId": "5D18AA86-88AF-481B-A24F-429BF79264AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:-:*:*", "matchCriteriaId": "B1B7847D-6C17-4817-B71E-C034894B70A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*", "matchCriteriaId": "C665A768-DBDA-4197-9159-A2791E98A84F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:*", "matchCriteriaId": "D223DD19-0441-4EBD-9F51-5E9012434517", "versionEndExcluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:service_location_protocol_project:service_location_protocol:-:*:*:*:*:*:*:*", "matchCriteriaId": "64E7C090-F632-4975-9C4C-E89100088BF4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor."}], "id": "CVE-2023-29552", "lastModified": "2023-05-04T19:07:23.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-25T16:15:09.537", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html"}, {"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://datatracker.ietf.org/doc/html/rfc2608"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/curesec/slpload"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230426-0001/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.suse.com/support/kb/doc/?id=000021051"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openslp: Reflective denial of service amplification attack via UDP", "id": "2183534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183534"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-406", "details": ["The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.", ".The Service Location Protocol (SLP) is vulnerable to an attack through UDP\nThe OpenSLP provides a dynamic configuration mechanism for applications in local area networks, such as printers and file servers. However, SLP is vulnerable to a reflective denial of service amplification attack through UDP on systems connected to the internet. SLP allows an unauthenticated attacker to register new services without limits set by the SLP implementation. By using UDP and spoofing the source address, an attacker can request the service list, creating a Denial of Service on the spoofed address.\nTo prevent external attackers from accessing the SLP service, disable SLP on all systems running on untrusted networks, such as those directly connected to the internet. Alternatively, to work around this problem, configure firewalls to block or filter traffic on UDP and TCP port 427."], "name": "CVE-2023-29552", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openslp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openslp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openslp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "openslp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-04-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-29552\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29552\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "The OpenSLP protocol specification makes it prone to UDP amplification attacks, and the abuse of exposed OpenSLP servers can be used to contribute to Distributed Denial of Service attacks. Due to the protocol implementation, this issue can't be directly fixed.\nThis issue affects the Server component of the openslp package, which is only shipped on Red Hat Enterprise Linux 7 and 9.\nRHEL 8 only ships the Client component, that is not affected by this CVE.\nThe OpenSLP server is not installed and active on any standard RHEL deployments. If you are using the OpenSLP server, Red Hat recommends to do so in a secure and controlled network environment.", "threat_severity": "Important"}