Security News > 2023 > April > New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol that could be weaponized to launch volumetric denial-of-service attacks against targets.
"Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service amplification attacks with a factor as high as 2200 times, potentially making it one of the largest amplification attacks ever reported," Bitsight and Curesec researchers Pedro Umbelino and Marco Lux said in a report shared with The Hacker News.
Successful exploitation of CVE-2023-29552 could allow permit an attacker to take advantage of susceptible SLP instances to launch a reflection amplification attack and overwhelm a target server with bogus traffic.
All an attacker needs to do is find an SLP server on UDP port 427 and register "Services until SLP denies more entries," followed by repeatedly spoofing a request to that service with a victim's IP as the source address.
Web security company Cloudflare, in an advisory, said it "Expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks" as threat actors experiment with the new DDoS amplification vector.
The findings come as a now-patched two-year-old flaw in VMware's SLP implementation was exploited by actors associated with the ESXiArgs ransomware in widespread attacks earlier this year.
News URL
https://thehackernews.com/2023/04/new-slp-vulnerability-could-let.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-25 | CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. | 7.5 |