Cyber Resilience

CVE-2023-29552

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 25 April 2023

Modified: 31 October 2025
KEV Added: 08 November 2023
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.9214 (99.7th percentile)
Risk Priority: 90 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-29552 is a high-severity vulnerability, with an unspecified weakness type, in SUSE Linux Enterprise Server. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

The vulnerability CVE-2023-29552 resides in the Service Location Protocol (SLP) defined by RFC 2608. It stems from the protocol's acceptance of service registrations without authentication, enabling attackers to leverage implementations in products such as those from VMware and NetApp. The flaw produces a reflected denial-of-service condition with a high amplification factor when combined with spoofed UDP traffic.

An unauthenticated remote attacker can exploit the issue by sending crafted registration messages that elicit amplified responses directed at a target. This allows the adversary to conduct volumetric DoS attacks that consume bandwidth and resources on victim systems without requiring prior access or credentials.

VMware and NetApp advisories, along with Curesec analysis, address mitigation steps for affected SLP deployments. Public references also include the original RFC 2608 specification and a proof-of-concept tool released on GitHub.

The associated EPSS score has remained elevated, reaching a peak of 0.9296.

Vulnerability details

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CWE(s)
KEV Date Added: 08 November 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
netapp · smi-s provider · all versions
suse · manager server · all versions
suse · linux enterprise server · 11, 12, 15
vmware · esxi · ≤ 7.0
service location protocol project · service location protocol · all versions

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly blocks the unauthenticated remote service registrations that the SLP flaw permits.

Prevent: Boundary filtering or ACLs can drop unauthorized SLP UDP traffic before it reaches vulnerable implementations.

Prevent: Provides denial-of-service protections that limit the impact of the amplification attack enabled by spoofed registrations.
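A monitoring check to pair with the boundary filtering described above, added here as an example and not taken from any vendor advisory: it parses the SLPv2 header defined in RFC 2608 and flags service registrations (SrvReg) whose source is outside an allowlist. Port 427, the `TRUSTED_NETS` range, the function names and the sample datagrams are assumptions or constructed values, not from this page.

```python
import ipaddress
import struct

SLP_PORT = 427  # SLP's registered port (assumption: not stated on this page)
FUNCTION_NAMES = {1: "SrvRqst", 2: "SrvRply", 3: "SrvReg", 4: "SrvDeReg",
                  5: "SrvAck", 6: "AttrRqst", 7: "AttrRply", 8: "DAAdvert",
                  9: "SrvTypeRqst", 10: "SrvTypeRply", 11: "SAAdvert"}
# Assumption: the only network allowed to register services with our SLP agents.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def parse_slp_header(payload: bytes):
    """Return (function_id, declared_length, xid) for an SLPv2 message, else None."""
    if len(payload) < 14 or payload[0] != 2:  # fixed header is 14 bytes, version 2
        return None
    function_id = payload[1]
    declared_length = int.from_bytes(payload[2:5], "big")  # 24-bit length field
    xid = struct.unpack_from("!H", payload, 10)[0]
    if function_id not in FUNCTION_NAMES or declared_length != len(payload):
        return None  # unknown function or length mismatch: not well-formed SLPv2
    return function_id, declared_length, xid

def triage(datagrams):
    """datagrams: (claimed_src_ip, dst_port, payload) tuples. Returns alert strings.
    UDP sources can be spoofed, so the allowlist only proves a sender is NOT trusted."""
    alerts = []
    for src_ip, dst_port, payload in datagrams:
        if dst_port != SLP_PORT:
            continue
        header = parse_slp_header(payload)
        if header is None:
            alerts.append(f"{src_ip}: malformed SLP datagram")
            continue
        function_id, _, xid = header
        trusted = any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_NETS)
        if FUNCTION_NAMES[function_id] == "SrvReg" and not trusted:
            alerts.append(f"{src_ip}: SrvReg from untrusted source (xid={xid})")
    return alerts

def make_header_only(function_id: int, xid: int, body_len: int) -> bytes:
    """Constructed sample: valid header with an 'en' language tag, zero-filled body."""
    total = 16 + body_len
    head = bytes([2, function_id]) + total.to_bytes(3, "big") + bytes(5)  # flags, ext offset
    return head + struct.pack("!HH", xid, 2) + b"en" + bytes(body_len)

# Constructed datagrams using documentation address ranges.
SAMPLE = [("10.20.0.15", 427, make_header_only(3, 1, 20)),
          ("203.0.113.7", 427, make_header_only(3, 7, 20)),
          ("203.0.113.7", 427, make_header_only(1, 8, 20)),
          ("198.51.100.9", 427, b"\x02\x03\x00")]
```

Calling `triage(SAMPLE)` reports the registration from 203.0.113.7 and the truncated datagram from 198.51.100.9, and stays silent on the trusted registration and the plain service request.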
