Service Location Protocol (SLP) Abuse May Lead to DoS Attack - 20230427001

Overview

The WA SOC has observed a vulnerability, reported by researchers from Bitsight and Curesec, in which attackers may abuse SLP to conduct DoS attacks with a high amplification factor using spoofed source addresses.

What is the vulnerability?

CVE-2023-29552 - CVSS v3 Base Score: 8.6

What is vulnerable?

The vulnerability affects SLP services that are visible to the internet.

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends that administrators consider disabling or restricting network access to SLP servers, and apply the solutions as per vendor instructions to all affected devices.
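
As a starting point for that review, the following added example (not part of the original advisory) parses Linux `ss -H -tuln` output and lists SLP sockets that are not bound to loopback only, which are the candidates for disabling or firewalling. It assumes SLP's IANA-registered port 427 (UDP and TCP); the sample output is constructed.

```python
import ipaddress

SLP_PORT = 427  # IANA-registered SLP (svrloc) port, UDP and TCP (assumption: default port in use)

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0            0.0.0.0:427        0.0.0.0:*
udp   UNCONN 0      0          127.0.0.1:427        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5               [::]:427           [::]:*
udp   UNCONN 0      0      10.0.0.5%eth0:427        0.0.0.0:*
udp   UNCONN 0      0              [::1]:427           [::]:*
"""

def classify_bind(addr):
    """Return 'all-interfaces', 'loopback', 'specific' or 'unknown' for a bind address."""
    addr = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if addr == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"  # unparseable: report it rather than silently skip it
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"

def find_exposed_slp(ss_output):
    """List (proto, local_address, scope) for SLP sockets reachable from off the host."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        if port != str(SLP_PORT):
            continue
        scope = classify_bind(addr)
        if scope != "loopback":
            findings.append((proto, local, scope))
    return findings

if __name__ == "__main__":
    for proto, local, scope in find_exposed_slp(SAMPLE_SS_OUTPUT):
        print(f"{proto:4} {local:22} bound to {scope}: disable SLP or restrict access")
```

A socket flagged here is only a candidate: whether it is visible to the internet still depends on the host and perimeter firewall rules in front of it.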

Additional References