"CISA Adds SLP Flaw to Its Known Exploited Vulnerabilities Catalog"

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the Service Location Protocol (SLP) vulnerability, tracked as CVE-2023-29552 with a CVSS score of 7.5, to its Known Exploited Vulnerabilities (KEV) catalog. The SLP is a legacy service discovery protocol that enables computers and other devices to find services in a local area network without initial configuration. The flaw is a Denial-of-Service (DoS) vulnerability that an unauthenticated, remote attacker can exploit to register arbitrary services. An attacker can exploit the flaw to use spoofed User Datagram Protocol (UDP) traffic to carry out a DoS attack with a powerful amplification factor. This article continues to discuss the SLP vulnerability added to CISA's KEV catalog.

Security Affairs reports "CISA Adds SLP Flaw to Its Known Exploited Vulnerabilities Catalog"

Submitted by grigby1