CVE-2023-29552

Published: Apr 25, 2023Modified: Oct 31, 2025CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Affected (9)

Products: Netapp: Smi S Provider · Suse: Linux Enterprise Server, Manager Server · Vmware: Esxi · +1 more

Show all products

Netapp: Smi S Provider · Suse: Linux Enterprise Server, Manager Server · Vmware: Esxi · Service Location Protocol Project: Service Location Protocol

1 product

2 products

Linux Enterprise Server

1 product

Service Location Protocol Project

1 product

Service Location Protocol

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Smi S Provider	All versions

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 11
Suse Linux Enterprise Server	Version 12
Suse Linux Enterprise Server	Version 12
Suse Linux Enterprise Server	Version 15
Suse Linux Enterprise Server	Version 15
Suse Manager Server	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Vmware Esxi	Before 7.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Service Location Protocol Project Service Location Protocol	All versions

References (17)

https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html

Source: cve@mitre.org

Third Party Advisory

https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://datatracker.ietf.org/doc/html/rfc2608

Source: cve@mitre.org

Technical Description

https://github.com/curesec/slpload

Source: cve@mitre.org

Product

https://security.netapp.com/advisory/ntap-20230426-0001/

Source: cve@mitre.org

Third Party Advisory

https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://www.suse.com/support/kb/doc/?id=000021051

Source: cve@mitre.org

Third Party Advisory

https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://datatracker.ietf.org/doc/html/rfc2608

Source: af854a3a-2127-422b-91ae-364da2661108

Technical Description

https://github.com/curesec/slpload

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://security.netapp.com/advisory/ntap-20230426-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.suse.com/support/kb/doc/?id=000021051

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.