CVE-2023-29552 IETF CVE debrief

Who should care

Network and security teams, infrastructure operators, and vendors or administrators that use or expose Service Location Protocol (SLP), especially on untrusted networks or Internet-connected systems.

Technical summary

The source corpus describes CVE-2023-29552 as a Service Location Protocol (SLP) denial-of-service vulnerability. CISA characterizes SLP as a common open-source component, third-party library, or protocol used by different products, which means affected exposure can vary by implementation. The key defensive concern is service availability, particularly where UDP port 427 is reachable from untrusted networks.

Defensive priority

High. CISA placed this issue in the Known Exploited Vulnerabilities catalog and provided immediate mitigation guidance, including disabling SLP or restricting UDP/427 on exposed systems.

Recommended defensive actions

• Check whether any products, appliances, or hosts in your environment use Service Location Protocol (SLP).
• Apply vendor-provided mitigations or updates as instructed by the product vendor.
• Disable the SLP service where it is not required.
• Block or restrict UDP port 427 on systems connected to untrusted networks, including systems directly exposed to the Internet.
• Prioritize remediation on externally reachable assets and shared infrastructure that could affect many downstream systems.

Evidence notes

This debrief is based on the CISA Known Exploited Vulnerabilities source item for CVE-2023-29552 and the linked official vulnerability records. The source item names the issue as an SLP denial-of-service vulnerability, marks it as a KEV entry, and gives defensive guidance to apply vendor mitigations or disable SLP / port 427/UDP on untrusted networks. The CVE and source-item dates supplied are both 2023-11-08; no CVSS score was provided in the supplied corpus.

Official resources