CVE-2023-29552 — HIGH (7.5)

Q: How severe is CVE-2023-29552?

CVE-2023-29552 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-29552?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Smi-S Provider, Suse Manager Server, Suse Linux Enterprise Server, Vmware Esxi, Service Location Protocol Project Service Location Protocol.

Vulnerability Description

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netapp	Smi-S Provider	-
Suse	Manager Server	-
Suse	Linux Enterprise Server	11
Vmware	Esxi	< 7.0
Service Location Protocol Project	Service Location Protocol	-

References

https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflThird Party Advisory
https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-DenialExploitThird Party Advisory
https://datatracker.ietf.org/doc/html/rfc2608Technical Description
https://github.com/curesec/slploadProduct
https://security.netapp.com/advisory/ntap-20230426-0001/Third Party Advisory
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-disExploitThird Party Advisory
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocThird Party AdvisoryUS Government Resource
https://www.suse.com/support/kb/doc/?id=000021051Third Party Advisory
https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflThird Party Advisory
https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-DenialExploitThird Party Advisory
https://datatracker.ietf.org/doc/html/rfc2608Technical Description
https://github.com/curesec/slploadProduct
https://security.netapp.com/advisory/ntap-20230426-0001/Third Party Advisory
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-disExploitThird Party Advisory
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2023-29552?

CVE-2023-29552 is a vulnerability with a CVSS score of 7.5 (HIGH). The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of...

How severe is CVE-2023-29552?

CVE-2023-29552 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29552?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Smi-S Provider, Suse Manager Server, Suse Linux Enterprise Server, Vmware Esxi, Service Location Protocol Project Service Location Protocol.