On Wednesday, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a stark warning, adding a high-severity vulnerability in the Service Location Protocol (SLP) to its roster of Known Exploited Vulnerabilities (KEV). The agency cited compelling evidence of ongoing exploitation of this particular vulnerability.
Tracked as CVE-2023-29552 and carrying a CVSS score of 7.5, this vulnerability represents a significant threat. Identified as a denial-of-service (DoS) vulnerability, malicious actors could potentially exploit it to launch large-scale DoS amplification assaults.
BitSight and Curesec brought a crucial discovery to light in April, making the public aware of a significant vulnerability.
According to the CISA report, “The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.”
SLP, a protocol integral to local area networks (LANs), facilitates communication between computers on the network by enabling them to discover and interact with each other.
While the exact details of how the vulnerability could be exploited for a denial-of-service (DoS) attack with a significant amplification factor remain undisclosed, BitSight had previously sounded a cautionary note. They warned that the flaw could potentially be manipulated in a manner that triggers the vulnerability.
“This extremely high amplification factor allows for an under-resourced threat actor to have a significant impact on a targeted network and/or server via a reflection DoS amplification attack,” according to the report.
Government agencies are advised to implement necessary mitigations by November 29, 2023, as real-world attacks have already exploited the vulnerability. This includes the crucial step of disabling the SLP service on systems operating in untrusted networks. This proactive measure is essential to safeguard their networks from potential threats.
In conclusion, the urgency to address and mitigate the exploited SLP vulnerability underscores the critical need for swift and decisive action. With government agencies setting a deadline of November 29, 2023, for implementing essential safeguards, it is imperative for organizations to prioritize the protection of their networks. Proactive measures, such as disabling the SLP service on systems operating in untrusted networks, play a pivotal role in fortifying defences against potential threats. Staying vigilant and responsive to emerging vulnerabilities is crucial in maintaining the resilience of our digital infrastructure
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.