The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. The vulnerability, tracked as CVE-2023-29552 with a CVSS score of 7.5, is a denial-of-service (DoS) flaw that could be used to launch large-scale DoS amplification attacks.
According to CISA, the Service Location Protocol (SLP) contains a denial-of-service vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a DoS attack with a considerable amplification factor. SLP is a protocol that facilitates the discovery and communication of systems within a local area network (LAN).
While the precise details of how the flaw is being exploited remain undisclosed, Bitsight had previously cautioned that it could be abused to carry out DoS attacks with a high amplification factor. Bitsight stated, “This extremely high amplification factor allows for an under-resourced threat actor to have a significant impact on a targeted network and/or server via a reflection DoS amplification attack.”
In response to the real-world attacks leveraging this flaw, federal agencies are required to apply the necessary mitigations, including disabling the SLP service on systems running on untrusted networks, by November 29, 2023, to protect their networks from potential threats.
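For defenders who want to check whether an SLP host on their network is answering as a reflector, the sketch below is an added example (not from CISA or Bitsight) that compares request and reply bytes on UDP port 427, SLP's registered port, per host. The flow-record CSV layout, the sample rows and both thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

SLP_PORT = 427  # SLP's registered port (svrloc)

# Constructed sample data: per-direction flow summaries, documentation/private addresses.
SAMPLE_FLOWS = """\
src_ip,src_port,dst_ip,dst_port,proto,bytes
198.51.100.7,40000,10.0.0.5,427,udp,290
10.0.0.5,427,198.51.100.7,40000,udp,61000
10.0.0.20,51000,10.0.0.9,427,udp,120
10.0.0.9,427,10.0.0.20,51000,udp,300
10.0.0.20,51001,10.0.0.9,427,tcp,5000
10.0.0.20,53000,10.0.0.2,53,udp,80
"""


def find_slp_reflectors(flow_csv, min_ratio=10.0, min_bytes_out=10_000):
    """Return (host, bytes_in, bytes_out, ratio) for hosts whose UDP/427
    replies far outweigh the requests they received. Thresholds are
    illustrative assumptions; tune them against your own baseline."""
    bytes_in = defaultdict(int)   # request bytes received on UDP/427
    bytes_out = defaultdict(int)  # reply bytes sent from UDP/427
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue  # the flaw is described in terms of spoofed UDP traffic
        size = int(row["bytes"])
        if int(row["dst_port"]) == SLP_PORT:
            bytes_in[row["dst_ip"]] += size
        elif int(row["src_port"]) == SLP_PORT:
            bytes_out[row["src_ip"]] += size

    findings = []
    for host, sent in bytes_out.items():
        received = bytes_in.get(host, 0)
        # Replies with no observed request still count as suspicious.
        ratio = sent / received if received else float("inf")
        if sent >= min_bytes_out and ratio >= min_ratio:
            findings.append((host, received, sent, ratio))
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for host, received, sent, ratio in find_slp_reflectors(SAMPLE_FLOWS):
        print(f"{host}: {received} B in, {sent} B out on UDP/{SLP_PORT} (x{ratio:.0f})")
```

A host flagged here is a candidate for the mitigation named above: disabling SLP where the system sits on an untrusted network.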