Rewterz Threat Advisory – CVE-2022-26804 – Microsoft Office Graphics Vulnerability
April 26, 2023Rewterz Threat Alert – Qakbot aka Pinkslipbot or Qbot Malware – Active IOCs
April 26, 2023Rewterz Threat Advisory – CVE-2022-26804 – Microsoft Office Graphics Vulnerability
April 26, 2023Rewterz Threat Alert – Qakbot aka Pinkslipbot or Qbot Malware – Active IOCs
April 26, 2023Severity
High
Analysis Summary
CVE-2023-29552
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
CVE-2023-29552 is a vulnerability in SLP that could allow for a reflective denial-of-service amplification attack. In their latest blog they mentioned that VMware ESXi releases that support (ESXi 7.x and 8.x lines) is not impacted by the CVE-2023-29552 vulnerability in SLP. However, it’s still recommended to stay vigilant and apply any available security patches or updates in a timely manner to help ensure the security and reliability of your systems.
Also, VMware has confirmed that releases that have reached end of general support (EOGS), such as ESXi 6.7 and 6.5, are impacted by the CVE-2023-29552 vulnerability. This means that organizations still using these releases may be at risk of a reflective denial-of-service amplification attack targeting the Service Location Protocol (SLP).
Upgrading to a supported release line that is not impacted by the vulnerability is the best option to address CVE-2023-29552. ESXi 7.0 U2c and newer, and ESXi 8.0 GA and newer, come with the SLP service hardened, disabled by default, and filtered by the ESXi firewall. If an upgrade to a supported release is not possible, it is recommended that ESXi admins ensure that their ESXi hosts are not exposed to untrusted networks and also disable SLP using the instructions provided in KB76372.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-29552
Affected Vendors
VMware
Affected Products
- VMware vSphere ESXi 6.7
- VMware vSphere ESXi 6.0
- VMware vSphere ESXi 6.5
Remediation
Refer to VMware Knowledge Base for patch, upgrade or suggested workaround information.