CVE-2023-29552

HIGH KEV RANSOMWARE

SLP - Denial of Service

Title source: llm

Exploitation Summary

CVE-2023-29552 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 8, 2023, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit from researchers including milo2012.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2023-29552, a vulnerability in Service Location Protocol (SLP) implementations that allows for Denial of Service (DoS) attacks. The provided scripts (`check_slp.py` and `slpload.py`) demonstrate the ability to send crafted SLP service requests and register services, which can lead to service disruption.

Description

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Exploits (1)

gitlab WORKING POC

by milo2012 · dos

https://gitlab.com/milo2012/cve-2023-29552

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2023-29552, a vulnerability in Service Location Protocol (SLP) implementations that allows for Denial of Service (DoS) attacks. The provided scripts (`check_slp.py` and `slpload.py`) demonstrate the ability to send crafted SLP service requests and register services, which can lead to service disruption.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Service Location Protocol (SLP) implementations (e.g., OpenSLP)

No auth needed

Prerequisites: Network access to the target SLP service · Python environment with required dependencies (e.g., Scapy)

MITRE ATT&CK