Over 2,000 international organizations and 54,000 servers were impacted by the bug globally.
Service Location Protocol (SLP) has a newly disclosed flaw, identified by security researchers at BitSight and Curesec, that lets attackers launch a range of attacks against targeted devices.
Using vulnerable instances, criminals can launch devastating DoS attacks with an amplification factor of up to 2200 times, the researchers added, which could make this one of the largest amplification attacks ever observed.
The Issue Found
The weakness, tracked as CVE-2023-29552 (CVSS: 8.6), affects over 2,000 organizations worldwide and over 54,000 publicly accessible SLP instances. Among them are VMware ESXi hypervisors, Konica Minolta printers, Planex routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 additional product types.
The ten nations with the most exposed SLP instances include the US, UK, Germany, Japan, Canada, Italy, Europe, and Brazil.
SLP is a service discovery protocol that lets PCs and other machines find services such as printers, file servers, and other network resources on a local network.
If CVE-2023-29552 is successfully exploited, an attacker can abuse vulnerable SLP instances to perform a reflection amplification attack and flood the victim’s server with spoofed traffic.
An attacker only has to find an SLP server on UDP port 427, increase the size of the server’s UDP reply by registering new services until the response buffer is full, and then repeatedly send forged requests to that service with the target’s IP address as the source address.
By following these steps, an attacker can turn a tiny 29-byte request into a huge 65,000-byte response aimed at the victim, an approximate gain of 2,200 times.
Cybersecurity Measures to Prevent the Attacks
Customers are advised to disable SLP on devices directly connected to the Internet, or to restrict traffic on UDP and TCP port 427, to reduce exposure. Strong authentication and access control must also be enforced so that only authenticated users can reach the relevant network resources, and access must be carefully regulated and verified.
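As an added illustration that is not part of this article or of the BitSight/Curesec research, the following Python script applies the advice above to constructed flow records: it lists hosts whose UDP/427 service is reachable from outside the private address ranges, and flags external peers whose SLP reply volume dwarfs their request volume, the 29-byte-to-65,000-byte pattern described earlier. The flow-record format, the addresses and the 100x threshold are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

SLP_PORT = 427
# Hand-listed internal ranges (instead of ipaddress.is_global) so the documentation addresses in the sample count as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
                 "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed flow records ("proto src:sport > dst:dport bytes pkts"); 10.0.0.5 is a made-up SLP host, 198.51.100.7 the spoofed victim address.
SAMPLE_FLOWS = """\
udp 198.51.100.7:40000 > 10.0.0.5:427 29 1
udp 10.0.0.5:427 > 198.51.100.7:40000 65000 1
udp 203.0.113.9:52000 > 10.0.0.5:427 58 2
udp 10.0.0.5:427 > 203.0.113.9:52000 1500 2
udp 10.0.0.23:46000 > 10.0.0.5:427 29 1
udp 10.0.0.5:427 > 10.0.0.23:46000 120 1
"""

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def parse_flow(line):
    proto, src, _, dst, nbytes, _pkts = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return proto, sip, int(sport), dip, int(dport), int(nbytes)

def analyze_flows(text, min_ratio=100):
    """Return (exposed, reflections): local hosts reached on UDP/427 from outside,
    and external peers whose UDP/427 reply bytes are >= min_ratio x what they sent."""
    to_slp, from_slp = defaultdict(int), defaultdict(int)  # (local, peer) -> bytes
    exposed = set()
    for line in text.splitlines():
        proto, sip, sport, dip, dport, nbytes = parse_flow(line)
        if proto != "udp":            # reflection rides on UDP; TCP/427 is out of scope here
            continue
        if dport == SLP_PORT:         # request arriving at the SLP service
            to_slp[(dip, sip)] += nbytes
            if is_external(sip):
                exposed.add(dip)
        elif sport == SLP_PORT:       # reply leaving the SLP service
            from_slp[(sip, dip)] += nbytes
    reflections = {}
    for (local, peer), out in from_slp.items():
        inbound = to_slp.get((local, peer), 0)
        if is_external(peer) and inbound and out / inbound >= min_ratio:
            reflections[peer] = round(out / inbound)
    return exposed, reflections
```

On the sample, 10.0.0.5 is reported as Internet-reachable and the 198.51.100.7 pair shows a ratio of about 2241, while the internal client on 10.0.0.23 and the low-ratio external peer are left alone.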
Cloudflare experts predict that SLP-based DDoS attacks will rise dramatically in the coming weeks as attackers test the new amplification vector.