CVEFinder.io

CVE-2023-29552

⚠️ high
πŸ” Scan for this CVE
Summary

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CVSS Score
7.5
High
EPSS Score
93.0
Exploit Probability
Published Date
2023-04-25
First Seen: 2026-01-05
πŸ“Š Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.4% of all 318,332 vulnerabilities in our database.

#97,391
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jan 28, 2025
πŸ” Exploitation Status
Active
Exploits detected in the wild
βš™οΈ Automatable
YES
Can be exploited automatically
πŸ’₯ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-10-31
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

πŸ“¦ Affected Products 7

Vendor Product Status Affected Versions
suse linux_enterprise_server Affected
v11
suse linux_enterprise_server Affected
v12
suse linux_enterprise_server Affected
v15
vmware esxi Affected
< 7.0
netapp smi-s_provider Affected
v-
suse manager_server Affected
v-
service_location_protocol_project service_location_protocol Affected
v-

πŸ”— References 9

https://blogs.vmware.com/security/2023/04/vmware-res...
Third Party Advisory
https://curesec.com/blog/article/CVE-2023-29552-Serv...
Exploit Third Party Advisory
https://datatracker.ietf.org/doc/html/rfc2608
Technical Description
https://github.com/curesec/slpload
Product
https://security.netapp.com/advisory/ntap-20230426-0...
Third Party Advisory
https://www.bitsight.com/blog/new-high-severity-vuln...
Exploit Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/04/25/a...
Third Party Advisory US Government Resource
https://www.suse.com/support/kb/doc/?id=000021051
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-25702 ⚠️ high 7.3 0.1 A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causi... 2026-03-05
CVE-2025-41236 β›” critical 9.3 0.0 VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.Β ... 2025-07-15
CVE-2025-41237 β›” critical 9.3 0.0 VMware ESXi,Β Workstation, and FusionΒ contain an integer-underflow in VMCI (Virtual Machine Communication Interface) th... 2025-07-15
CVE-2025-41238 β›” critical 9.3 0.0 VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controll... 2025-07-15
CVE-2025-41239 ⚠️ high 7.1 0.0 VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of ... 2025-07-15
CVE-2025-41226 πŸ”Ά medium 6.8 0.0 VMwareΒ ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation.Β A malicious acto... 2025-05-20
These CVEs affect the same products