SLP's Achilles Heel: Protect Your Network from DDoS Vulnerabilities – CVE-2023-29552
Updated: May 16
Have you heard about a recent vulnerability that's causing a stir in the cybersecurity community? Researchers discovered a new high-severity vulnerability in a legacy internet protocol that could be used to launch large-scale denial-of-service (DoS) attacks capable of knocking services offline. Let's dive in and see what it's all about.
Cyber risk firm Bitsight and IT security company Curesec discovered a vulnerability in the Service Location Protocol (SLP), an outdated protocol used by applications on local area networks to let systems discover and communicate with each other. While the protocol was never intended for the public internet, the researchers found over 54,000 SLP instances reachable from the internet.
Why Should I Care?
This vulnerability could allow attackers to conduct what are known as reflective DoS amplification attacks: the attacker sends requests to a server with a spoofed source IP address that corresponds to the victim's IP address.
The server then replies to the victim's IP address, and because the responses are much larger than the requests, the victim's system is flooded with traffic. The vulnerability, known as CVE-2023-29552, allows attackers to manipulate both the content and the size of the server reply, resulting in a maximum amplification factor of over 2200X. This makes it hypothetically "one of the largest amplification attacks ever reported," according to researchers.
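The telltale sign of a reflection attack from a defender's side is the ratio between the tiny requests arriving at UDP/427 and the much larger replies leaving it, plus the fact that several of your SLP hosts all "reply" to the same remote address. The example below is added here and is not code from the original post or from the researchers; it runs over constructed flow records (the addresses and byte counts are made up, chosen to mirror the reported amplification) and computes per-pair amplification ratios, flagging pairs whose ratio and reply volume are suspicious. The field names, thresholds and record layout are assumptions, not a real NetFlow schema.

```python
from collections import defaultdict
from dataclasses import dataclass

SLP_PORT = 427  # SLP listens on UDP/TCP 427 (RFC 2608)


@dataclass
class Flow:
    """One flow record: assumed layout, roughly what a NetFlow/IPFIX export gives you."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int
    packets: int


# Constructed sample flows (not real traffic). 203.0.113.x are "our" SLP hosts,
# 198.51.100.7 is a spoofed victim receiving amplified replies from two of them,
# 192.0.2.5 is a benign client whose reply is small.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", 40000, "203.0.113.10", SLP_PORT, "udp", 29, 1),
    Flow("203.0.113.10", SLP_PORT, "198.51.100.7", 40000, "udp", 65000, 44),
    Flow("198.51.100.7", 40001, "203.0.113.11", SLP_PORT, "udp", 29, 1),
    Flow("203.0.113.11", SLP_PORT, "198.51.100.7", 40001, "udp", 62000, 42),
    Flow("192.0.2.5", 51000, "203.0.113.10", SLP_PORT, "udp", 60, 1),
    Flow("203.0.113.10", SLP_PORT, "192.0.2.5", 51000, "udp", 120, 1),
    Flow("203.0.113.10", 50000, "192.0.2.80", 443, "tcp", 1500, 10),  # unrelated
]


def amplification_by_pair(flows):
    """Return {(slp_host, peer): (request_bytes, response_bytes)} for UDP/427 traffic.

    Requests are flows *to* port 427, responses are flows *from* port 427; both
    are keyed on (our SLP host, remote peer) so they can be compared directly.
    """
    req = defaultdict(int)
    resp = defaultdict(int)
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dport == SLP_PORT:
            req[(f.dst, f.src)] += f.nbytes
        elif f.sport == SLP_PORT:
            resp[(f.src, f.dst)] += f.nbytes
    return {p: (req[p], resp[p]) for p in set(req) | set(resp)}


def find_reflection(flows, min_ratio=10.0, min_resp_bytes=10000):
    """Flag (host, peer) pairs where replies dwarf requests and carry real volume.

    min_resp_bytes filters out ordinary discovery chatter, which has a modest
    ratio and tiny absolute size; the thresholds are assumed starting points.
    """
    findings = []
    for (host, peer), (rq, rs) in amplification_by_pair(flows).items():
        if rq == 0 or rs < min_resp_bytes:
            continue
        ratio = rs / rq
        if ratio >= min_ratio:
            findings.append({"slp_host": host, "peer": peer,
                             "ratio": round(ratio, 1), "response_bytes": rs})
    return sorted(findings, key=lambda d: -d["ratio"])


def likely_victims(findings):
    """Peers receiving amplified replies from more than one of our SLP hosts are
    almost certainly spoofed victims rather than genuine SLP clients."""
    hosts_by_peer = defaultdict(set)
    for fnd in findings:
        hosts_by_peer[fnd["peer"]].add(fnd["slp_host"])
    return {peer: sorted(hosts) for peer, hosts in hosts_by_peer.items() if len(hosts) > 1}


if __name__ == "__main__":
    hits = find_reflection(SAMPLE_FLOWS)
    for h in hits:
        print(f"{h['slp_host']} -> {h['peer']}: {h['ratio']}x, {h['response_bytes']} bytes")
    print("probable spoofed victims:", likely_victims(hits))
```

Fed real flow exports, the same two functions give you both halves of the response: `find_reflection` tells you which of your hosts are answering SLP from the internet at all (each is a candidate for the CISA advice to cut network access to SLP), and `likely_victims` tells you who is currently being hit through them so you can rate-limit or block those destinations while the service is taken offline.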
Many products are potentially affected by the vulnerability, including the VMware ESXi Hypervisor, Konica Minolta printers, Planex routers, the IBM Integrated Management Module, and Supermicro IPMI. VMware has already published a response to the disclosure, stating that currently supported versions of its ESXi product are not impacted; older versions, including 6.7 and 6.5, are potentially affected.
What Can I Do?
In light of this discovery, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory, urging IT administrators to disable network access to SLP servers. The criticality of the vulnerability and the potential consequences resulting from exploitation have led researchers to coordinate with impacted organisations and with CISA to alert the public about the issue.
The impact of the SLP vulnerability is significant, as it could be used to launch massive DoS attacks that could take down vital services, affecting individuals and organisations worldwide. Therefore, it's essential to stay vigilant and take necessary precautions to mitigate this threat.
Keep your organisation ahead of threats with Cytidel Threat Intelligence
To find out more about Cytidel’s threat intelligence offering, visit https://www.cytidel.com/threat-intelligence
Stay safe and secure!
The Cytidel Threat Intelligence Team