The Cybersecurity & Infrastructure Security Agency (CISA) published a report alerting about DoS attacks that can be launched by exploiting a vulnerability in the Service Location Protocol (SLP). The exploitation of CVE-2023-29552 can give access to cyber criminals in registering arbitrary services.
Vulnerability in SLP (RFC 2608)
This high-severity vulnerability in SLP (RFC 2608) could lead to massive Denial of Service amplification attacks with a high factor of 2200 times. A factor of 2200 times would make it one of the biggest amplification attacks of all time.
The Service Location Protocol is a legacy internet protocol that helps find network services in local area networks for shared services. It can help connect with printers, intelligent lights, and file shares, etc.
Exploitation of the vulnerability in SLP
Cybercriminals can use spoofed UDP traffic to cause DoS attacks. CISA also advised organizations to disable connecting to SLP servers as most of the services visible today are abandoned systems. Reflecting on the SLP instances found in February 2023, a Bitsight blog post read, “We identified over 2,000 global organizations and over 54,000 SLP instances including VMware ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module, SMC IPMI, and others.”
Such instances can be easily misused by cybercriminals to disrupt services in targeted networks. To alert governments and legal bodies in the United States of America, Bitsight shared this information with them also urging DoS teams at IT service management companies to work on preventing unforeseen events.
In the wake of discovering this vulnerability in SLP, CISA took the initiative to alert potentially impacted vendors to prevent further damage.
Effects of the vulnerability in SLP on VMware
Speaking about impacted devices, VMware published a blog post confirming that none of the presently supported ESXi releases (ESXi 7 .x and 8 .x lines) were impacted by the vulnerability in SLP. However, instances of exploitation were found in the products that have reached their end of general support (EOGS) life including 6.7 and 6.5.
Users are urged to upgrade their devices to a version not impacted by the vulnerability in SLP.
Exploitation of legacy devices and products
Legacy software and systems receive minimum to no technical or general support from the company. Use of such software especially in larger organizations can open the door to hackers looking for loopholes to hack devices. Moreso, in the absence of unpatched vulnerabilities.
Older versions of operating systems such as 7.8 and 8.1 in Microsoft and other software must be addressed and replaced with newer ones to amplify preventive and protective cyber best practices.
