8 matches found
RHEL 9 : openslp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openslp: Reflective denial of service amplification attack via UDP CVE-2023-29552 Note that Nessus has not tested f...
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a high-severity flaw in the Service Location Protocol SLP to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 CVSS score: 7.5, the issue relates to a...
CVE-2023-29552 - Abuse of the Service Location Protocol May Lead to DoS Attacks
The Service Location Protocol SLP, RFC 2608 allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. More at:...
K000133692: OpenSLP vulnerability CVE-2023-29552
Security Advisory Description The Service Location Protocol SLP, RFC 2608 allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. CVE-2023-295...
CVE-2023-29552
creationtimestamp| type| source ---|---|--- 2023-04-25 15:36:49+00:00| exploited| https://t.me/thehackernews/3282 2023-04-25 20:02:10+00:00| seen| Telegram/jNOQaSS6WIfk39XQXCw2qQeJoi2-3-FLwOGvgRF5EFSFfs 2023-04-25 20:24:58+00:00| seen| https://t.me/cibsecurity/62820 2023-04-26 08:38:19+00:00| see...
New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol SLP that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive...
CVE-2023-29552
CVE-2023-29552 describes a DoS vulnerability in the Service Location Protocol (SLP) where an unauthenticated remote attacker can register arbitrary services, causing SLP server to respond with spoofed traffic and enabling large amplification (reported up to ~2,200x). Documented impacts include po...
CVE-2023-29552
The Service Location Protocol SLP, RFC 2608 allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor...