CVE Database · CVE-2023-29552
CVSS v3.1
7.5
EPSS
65.87%
Published
Apr 25, 2023
Modified
Oct 31, 2025
CISA Known Exploited Vulnerability
Added: 2023-11-08 · Due: 2023-11-29
Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet.
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HAffected Products (9)
References (17)