CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

admin by admin
April 26, 2023
in Information Security


Apr 25, 2023Ravie LakshmananNetwork Security / DDoS

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets.

“Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it one of the largest amplification attacks ever reported,” Bitsight and Curesec researchers Pedro Umbelino and Marco Lux said in a report shared with The Hacker News.

The vulnerability, which has been assigned the identifier CVE-2023-29552 (CVSS score: 8.6), is said to impact more than 2,000 global organizations and over 54,000 SLP instances that are accessible over the internet.

This includes VMWare ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 other product types.

The top 10 countries with the most organizations having vulnerable SLP instances are the U.S., the U.K., Japan, Germany, Canada, France, Italy, Brazil, the Netherlands, and Spain.

SLP is a service discovery protocol that makes it possible for computers and other devices to find services in a local area network such as printers, file servers, and other network resources.

Successful exploitation of CVE-2023-29552 could allow permit an attacker to take advantage of susceptible SLP instances to launch a reflection amplification attack and overwhelm a target server with bogus traffic.

To do so, all an attacker needs to do is find an SLP server on UDP port 427 and register “services until SLP denies more entries,” followed by repeatedly spoofing a request to that service with a victim’s IP as the source address.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

An attack of this kind can produce an amplification factor of up to 2,200, resulting in large-scale DoS attacks. To mitigate against the threat, users are recommended to disable SLP on systems directly connected to the internet, or alternatively filter traffic on UDP and TCP port 427.

“It is equally important to enforce strong authentication and access controls, allowing only authorized users to access the correct network resources, with access being closely monitored and audited,” the researchers said.

Web security company Cloudflare, in an advisory, said it “expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks” as threat actors experiment with the new DDoS amplification vector.

The findings come as a now-patched two-year-old flaw in VMware’s SLP implementation was exploited by actors associated with the ESXiArgs ransomware in widespread attacks earlier this year.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

AWS achieves an AAA Pinakes rating for Spanish financial entities

Next Post

Innovativeglobalists

Related Posts

Information Security

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

by admin
May 30, 2023
Information Security

Advice to SMB CEOs from a former CIO

by admin
May 30, 2023
Information Security

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

by admin
May 29, 2023
Information Security

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

by admin
May 28, 2023
Information Security

Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data

by admin
May 27, 2023
Next Post

Innovativeglobalists

Recommended

Illustratereinvention ~ Future of CIO

May 30, 2023

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

May 30, 2023

Advice to SMB CEOs from a former CIO

May 30, 2023

Innovation & Information ~ Future of CIO

May 29, 2023

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

May 29, 2023

Innovativegrowth ~ Future of CIO

May 28, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.