CVE-2023-29552
| CVE Published | 2023-04-25 |
|---|---|
| Related Vendor(s) | netapp, vmware, service_location_protocol_project, suse |
| Related Product(s) | service_location_protocol, esxi, manager_server, smi-s_provider, linux_enterprise_server |
| Exploitation Reported (CISA KEV) | 2023-11-08 |
| CVSS 3 Base Score | 7.5 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph