CVE-2023-29552
Published: 25 April 2023
Summary
CVE-2023-29552 is a high-severity vulnerability (weakness type unspecified) in SUSE Linux Enterprise Server. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
The vulnerability CVE-2023-29552 resides in the Service Location Protocol (SLP) defined by RFC 2608. It stems from the protocol's acceptance of service registrations without authentication, enabling attackers to leverage implementations in products such as those from VMware and NetApp. The flaw produces a reflected denial-of-service condition with a high amplification factor when combined with spoofed UDP traffic.
An unauthenticated remote attacker can exploit the issue by sending crafted registration messages that elicit amplified responses directed at a target. This allows the adversary to conduct volumetric DoS attacks that consume bandwidth and resources on victim systems without requiring prior access or credentials.
VMware and NetApp advisories, along with Curesec analysis, address mitigation steps for affected SLP deployments. Public references also include the original RFC 2608 specification and a proof-of-concept tool released on GitHub.
The associated EPSS score has remained elevated, reaching a peak of 0.9296.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-33094
Vulnerability details
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
- CWE(s)
- KEV Date Added: 08 November 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly blocks the unauthenticated remote service registrations that the SLP flaw permits.
Boundary filtering or ACLs can drop unauthorized SLP UDP traffic before it reaches vulnerable implementations.
Provides denial-of-service protections that limit the impact of the amplification attack enabled by spoofed registrations.
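A defender-side sketch of the access-enforcement and boundary checks described above, added here as an illustration and not taken from any vendor advisory: it reads the fixed SLPv2 header laid out in RFC 2608 and flags registration messages that arrive from outside an allowlist. The `TRUSTED_NETS` range, the function names and the sample datagrams are assumptions constructed for this example.

```python
import ipaddress
import struct

# SLPv2 function IDs defined in RFC 2608.
FUNCTIONS = {1: "SrvRqst", 2: "SrvRply", 3: "SrvReg", 4: "SrvDeReg", 5: "SrvAck",
             6: "AttrRqst", 7: "AttrRply", 8: "DAAdvert", 9: "SrvTypeRqst",
             10: "SrvTypeRply", 11: "SAAdvert"}
# Assumption: the only network allowed to register services with local SLP agents.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def parse_header(payload: bytes):
    """Return (function name, declared length, XID), or None if not SLPv2."""
    if len(payload) < 14 or payload[0] != 2:
        return None
    name = FUNCTIONS.get(payload[1], f"unknown({payload[1]})")
    declared = int.from_bytes(payload[2:5], "big")   # 3-byte total message length
    xid = struct.unpack_from(">H", payload, 10)[0]    # after flags and ext offset
    return name, declared, xid

def classify(src_ip: str, payload: bytes) -> str:
    """Label one inbound datagram for the boundary/access-enforcement check."""
    header = parse_header(payload)
    if header is None:
        return "not-slpv2"
    name, declared, _xid = header
    if declared != len(payload):
        return "malformed-length"
    trusted = any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_NETS)
    if name in ("SrvReg", "SrvDeReg") and not trusted:
        return "alert-untrusted-registration"
    return "ok"

def constructed_datagram(function_id: int, filler: int = 0) -> bytes:
    """Header-only test input: valid SLPv2 header, opaque zero filler as body."""
    lang = b"en"
    total = 14 + len(lang) + filler
    return (bytes([2, function_id]) + total.to_bytes(3, "big") + b"\x00" * 5
            + struct.pack(">HH", 1, len(lang)) + lang + b"\x00" * filler)

if __name__ == "__main__":
    events = [("10.20.0.5", constructed_datagram(3, 40)),     # trusted registration
              ("203.0.113.9", constructed_datagram(3, 40)),   # untrusted registration
              ("203.0.113.9", constructed_datagram(1, 20)),   # service request
              ("203.0.113.9", constructed_datagram(3)[:-1])]  # truncated
    for src, data in events:
        print(src, classify(src, data))
```

Because the source address of a UDP datagram can be spoofed, an allowlist match here is only a first filter; dropping SLP traffic at the network boundary remains the stronger control.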