Dive Brief:
- A high-severity vulnerability in a legacy internet protocol could lead to massive denial-of-service amplification attacks around the world at more than 2,000 organizations, researchers from BitSight and Curesec said Tuesday.
- Researchers have identified more than 54,000 instances of the Service Location Protocol (SLP) vulnerability, involving more than 670 different products, including VMware ESXi hypervisor, Konica Minolta printers, Planex routers, IBM Integrated Management Module and other products that attackers could leverage to launch these attacks.
- The Cybersecurity and Infrastructure Security Agency has reached out to affected vendors following coordinated disclosures from the researchers, according to BitSight.
Dive Insight:
SLP was originally developed in 1997 as a mechanism for systems on a network to communicate with each other. However, researchers say SLP was never designed to be exposed to the public internet.
VMware has disabled SLP by default since 2021 after issuing prior warnings about vulnerabilities in ESXi products. The company warned customers in February to apply security updates and disable OpenSLP after a series of ransomware attacks.
Researchers warn that an attack using this vulnerability could result in one of the most powerful DoS attacks ever committed.
“This flaw is easily exploitable and should be considered particularly dangerous to the global community given the large-scale amplification that can be achieved,” Pedro Umbelino, principal security researcher at BitSight, said via email.
VMware said in a blog post that earlier, unsupported releases of ESXi have been shown to be affected by the vulnerability.
“As noted by the researchers, many SLP services visible to the internet appear to be older and likely abandoned services,” a spokesperson said via email.
Currently supported services, including the ESXi 7.x and 8.x lines, are not impacted by the amplification attack, according to VMware.