Smi S Provider
CVE-2023-29552
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionNVD
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
AnalysisAI
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. Affected products include: Netapp Smi-S Provider, Suse Manager Server, Suse Linux Enterprise Server, Vmware Esxi, Service Location Protocol Project Service Location Protocol.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Smi S Provider
View allA denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values fo
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for i
An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Rated high sev
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Rated high severity (CVSS 7.5), this v
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Rated
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehas
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (C
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today