image credit: Pexels

CISA adds SLP flaw to its Known Exploited Vulnerabilities catalog

November 9, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-29552 (CVSS score: 7.5) in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities catalog.

The Service Location Protocol (SLP) is a legacy service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration.

The vulnerability CVE-2023-29552 is a denial-of-service (DoS) issue, it can be exploited by an unauthenticated, remote attacker to register arbitrary services. An attacker can exploit the flaw to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Read More on Security Affairs