移至主內容
Reflective Denial-of-Service (DoS) Amplification Vulnerability in Service Location Protocol SLP

Vulnerability Disclosure:

The purpose of this vulnerability disclosure is to communicate of the potential vulnerability of Supermicro products that was found externally.

Findings:

The Service Location Protocol (SLP) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

CVE:

  • CVE: CVE-2023-29552
  • Severity: High

Affected products:

Product affected is Supermicro BMC firmware running on the Blade Chassis Management Module (CMM)

Solution:

  • CMM Neighbors feature using SLP will be disabled on CMM.
  • A warning will be issued if a user selects an option to enable CMM Neighbors feature.

Resources: