Skip to content

x2200 more powerful DDoS attacks with SLP into the wild

A new SLP (Service Location Protocol) vulnerability has been discovered that could allow attackers to take control of devices on a network. The vulnerability, which has been dubbed “SLPPrint,” affects devices running the Service Location Protocol and is considered highly critical.

Service Location Protocol (SLP) is a protocol used for service discovery on a local area network (LAN). It is typically used in enterprise environments to allow users to find printers, servers, and other network devices. However, SLPPrint allows an attacker to inject malicious code into the SLP packets, allowing them to execute arbitrary code on the targeted device.

The vulnerability, which has been assigned the identifier CVE-2023-29552 (CVSS score: 8.6), is said to impact more than 2,000 global organizations and over 54,000 SLP instances that are accessible over the internet.

According to the researchers who discovered the vulnerability, attackers can exploit this vulnerability to remotely execute code on vulnerable devices. They have also demonstrated that an attacker can use this vulnerability to install a backdoor on a printer, allowing them to take control of it and access sensitive data stored on the printer.

The SLPPrint vulnerability affects a wide range of network devices, including printers, servers, and other network-connected devices. It is not limited to any particular brand or model of device. This means that any organization with vulnerable devices on its network is at risk.

The vulnerability is considered highly critical due to the ease with which it can be exploited. Attackers can exploit this vulnerability remotely without the need for authentication, making it an attractive target for cybercriminals. In addition, the SLP protocol is often enabled by default on many devices, which makes it even easier for attackers to exploit.

To mitigate the risk posed by this vulnerability, organizations are advised to disable the SLP protocol on vulnerable devices, where possible. This can be done by disabling the SLP service on affected devices or by blocking SLP traffic at the network perimeter.

In addition, organizations should ensure that all network devices are regularly updated with the latest security patches and firmware updates. This will help to ensure that any known vulnerabilities are addressed, reducing the risk of a successful attack.

Overall, the SLPPrint vulnerability highlights the importance of regular vulnerability assessments and penetration testing to identify vulnerabilities before they can be exploited by attackers. Organizations should also implement a layered security approach that includes regular security awareness training for employees, network segmentation, and intrusion detection and prevention systems to detect and block attacks before they can cause damage.

More specific report could be found here https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp