CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild

November 9, 2023 at 05:30AM

The US cybersecurity agency CISA has warned of threat actors using a Service Location Protocol (SLP) vulnerability to conduct denial-of-service (DoS) attacks with a high amplification factor. The flaw, tracked as CVE-2023-29552, allows unauthenticated remote attackers to register arbitrary services and use spoofed UDP traffic to amplify the magnitude of DoS attacks. Researchers have identified approximately 34,000 exploitable systems with SLP. Companies are advised to either disable the SLP protocol or ensure that their instances are not internet-accessible. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and urges administrators to apply mitigations. Federal agencies have been given 21 days to secure vulnerable systems within their environments.

Key Takeaways:
– The US cybersecurity agency CISA has issued a warning about threat actors exploiting a vulnerability in the Service Location Protocol (SLP), which can lead to denial-of-service (DoS) attacks.
– The vulnerability, tracked as CVE-2023-29552, allows unauthenticated remote attackers to register arbitrary services and use spoofed UDP traffic to amplify the magnitude of DoS attacks.
– Researchers have warned that the amplification factor could reach 2,000, making it a significant threat.
– SLP is a legacy protocol meant for local network discovery and was not intended to be exposed to the public internet.
– Thousands of organizations are using SLP, and approximately 34,000 systems are exploitable.
– Vendors such as VMware and NetApp have confirmed the impact of the vulnerability and are urging administrators to either disable the SLP protocol or ensure that their instances are not internet-accessible.
– Administrators should also set firewall rules to filter traffic on UDP and TCP port 427 to prevent exploitation.
– Proof-of-concept (PoC) code for DoS amplification targeting CVE-2023-29552 has been available since April, but this is the first report of the vulnerability being actively exploited in attacks.
– CISA has added CVE-2023-29552 to its Known Exploited Vulnerabilities Catalog and is urging administrators to apply mitigations.
– Federal agencies have 21 days to identify vulnerable systems and secure them according to Binding Operational Directive (BOD) 22-01.