Rewterz Threat Advisory – CVE-2023-29552 – VMware vSphere ESXi Vulnerability

Severity

High

Analysis Summary

CVE-2023-29552

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CVE-2023-29552 is a vulnerability in SLP that could allow for a reflective denial-of-service amplification attack. In their latest blog they mentioned that VMware ESXi releases that support (ESXi 7.x and 8.x lines) is not impacted by the CVE-2023-29552 vulnerability in SLP. However, it’s still recommended to stay vigilant and apply any available security patches or updates in a timely manner to help ensure the security and reliability of your systems.

Also, VMware has confirmed that releases that have reached end of general support (EOGS), such as ESXi 6.7 and 6.5, are impacted by the CVE-2023-29552 vulnerability. This means that organizations still using these releases may be at risk of a reflective denial-of-service amplification attack targeting the Service Location Protocol (SLP).

Upgrading to a supported release line that is not impacted by the vulnerability is the best option to address CVE-2023-29552. ESXi 7.0 U2c and newer, and ESXi 8.0 GA and newer, come with the SLP service hardened, disabled by default, and filtered by the ESXi firewall. If an upgrade to a supported release is not possible, it is recommended that ESXi admins ensure that their ESXi hosts are not exposed to untrusted networks and also disable SLP using the instructions provided in KB76372.

Impact

• Denial of Service

Indicators Of Compromise

CVE

• CVE-2023-29552

Affected Vendors

VMware

Affected Products

• VMware vSphere ESXi 6.7
• VMware vSphere ESXi 6.0
• VMware vSphere ESXi 6.5

Remediation

Refer to VMware Knowledge Base for patch, upgrade or suggested workaround information. 

VMware Knowledge Base