High-Severity Vulnerability in Service Location Protocol
27 April 2023
Security researchers have discovered a high-severity vulnerability (CVE-2023-29552) affecting the Service Location Protocol (SLP), which is a legacy Internet protocol.
Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to register arbitrary services and use spoofed User Datagram Protocol (UDP) traffic to conduct amplified denial-of-service (DoS) attacks.
Users and administrators are advised to disable SLP on all systems running on untrusted Internet-facing networks and servers. If that is not possible, firewalls should be configured to filter traffic on UDP and Transmission Control Protocol (TCP) port 427 to prevent remote attackers from accessing the SLP service.
Users and administrators may refer to SingCERT's DDoS playbook for more information on how to identify, contain and mitigate DDoS attacks:
SingCERT's Distributed Denial-of-Service Playbook [PDF, 597 KB]
More information is available here:
https://securityaffairs.com/145295/hacking/slp-flaw-ddos-attacks.html?amp=1