The US Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue is a denial-of-service (DoS) vulnerability that can be weaponized to launch large-scale DoS amplification attacks.
The flaw was disclosed by BitSight and Curesec earlier this April.
“The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and conduct a denial-of-service (DoS) attack with a critical “Could allow spoofed UDP traffic to be detected using amplification factors,” CISA said.
SLP is a protocol that allows systems on a local area network (LAN) to discover each other and establish communications.
Exact details of how the flaw is being exploited are currently unknown, but BitSight previously warned that it could be used to stage DoS attacks with a high amplification factor.
“This extremely high amplification factor allows an under-resourced threat actor to have a significant impact on a targeted network and/or server through a reflected DoS amplification attack,” BitSight said.
In light of real-world attacks employing the flaw, federal agencies are required to apply the necessary mitigations, including disabling the SLP service on systems running on untrusted networks, by November 29, 2023, to secure their networks against potential threats.