New SLP bug can lead to massive 2,200x DDoS amplification attacks
A new reflective denial-of-service amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service attacks with 2,200x amplification.
This flaw, tracked as CVE-2023-29552, was discovered by researchers at BitSight and Curesec, who say that over 2,000 organizations are using devices that expose roughly 54,000 exploitable SLP instances for use in DDoS amplification attacks.
According to BitSight, all these instances are vulnerable to CVE-2023-29552, which attackers can leverage to launch reflective DoS amplification attacks on targets.
DoS amplification attacks involve sending a request to a vulnerable device with the source IP address set to that of the attack's target, letting the data grow within the abused service up to its maximum size, and then having the reply delivered to the victim.
A typical reply packet from an SLP server is between 48 and 350 bytes, so without manipulation the amplification factor can reach up to 12x. However, by exploiting CVE-2023-29552, it's possible to increase the server's UDP response size by registering new services until the response buffer is full.
In a real attack scenario, a threat actor would leverage multiple SLP instances to launch such an attack, coordinating their responses and overwhelming their targets with massive traffic.
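A defender-side illustration of the reply sizes and amplification factors described above, added here and not taken from BitSight, Curesec or the original article: it scans flow records for SLP servers whose UDP replies exceed the typical 350-byte ceiling or the 12x factor. UDP port 427 is SLP's registered port; the CSV layout, the addresses and all byte counts (including the 29-byte requests) are constructed sample data.

```python
import csv
import io
from collections import defaultdict

SLP_PORT = 427           # SLP's registered port (RFC 2608)
NORMAL_MAX_REPLY = 350   # bytes: upper end of a typical reply, per the article
NORMAL_MAX_FACTOR = 12   # amplification without manipulation, per the article

# Constructed flow records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = """\
ts,src,sport,dst,dport,proto,bytes
1,198.51.100.7,40000,192.0.2.10,427,udp,29
1,192.0.2.10,427,198.51.100.7,40000,udp,310
2,203.0.113.50,53211,192.0.2.20,427,udp,29
2,192.0.2.20,427,203.0.113.50,53211,udp,64800
3,203.0.113.50,53212,192.0.2.20,427,udp,29
3,192.0.2.20,427,203.0.113.50,53212,udp,64800
4,198.51.100.9,51000,192.0.2.30,443,tcp,1200
"""

def find_slp_reflectors(flow_csv):
    """Return {(server, peer): stats} for SLP servers whose UDP replies look amplified.

    'peer' is the address the replies go to; with a spoofed source it is the victim.
    """
    req = defaultdict(int)      # bytes sent to server:427, keyed by (server, peer)
    rep = defaultdict(int)      # bytes sent from server:427 to peer
    biggest = defaultdict(int)  # largest single reply per (server, peer)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"] != "udp":
            continue
        size = int(row["bytes"])
        if int(row["dport"]) == SLP_PORT:
            req[(row["dst"], row["src"])] += size
        elif int(row["sport"]) == SLP_PORT:
            key = (row["src"], row["dst"])
            rep[key] += size
            biggest[key] = max(biggest[key], size)
    alerts = {}
    for key, out_bytes in rep.items():
        in_bytes = req.get(key, 0)
        # Replies with no observed request are treated as unbounded amplification.
        factor = out_bytes / in_bytes if in_bytes else float("inf")
        if biggest[key] > NORMAL_MAX_REPLY or factor > NORMAL_MAX_FACTOR:
            alerts[key] = {"factor": round(factor, 1), "max_reply": biggest[key]}
    return alerts

if __name__ == "__main__":
    for (server, peer), stats in find_slp_reflectors(SAMPLE_FLOWS).items():
        print(f"{server} -> {peer}: {stats}")
```

In the constructed sample, the server at 192.0.2.10 answers within the normal range and is not flagged, while 192.0.2.20 returns near-maximum UDP replies and is reported.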
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-25 | CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. | 7.5 |