blogs.vmware.com
2a02:26f0:480:4ae::2ef  Public Scan

URL: https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplificatio...
Submission: On April 25 via manual from PK — Scanned from NL

Form analysis 1 forms found in the DOM

GET https://blogs.vmware.com/security/

<form class="search-form" method="get" action="https://blogs.vmware.com/security/">
  <label class="sr-only" for="s">Search</label>
  <input class="search-field" placeholder="Search" name="s">
  <input type="submit" value="Submit Search" class="search-submit btn">
</form>

Text Content

VMware Security Response Center


VMWARE RESPONSE TO CVE-2023-29552 – REFLECTIVE DENIAL-OF-SERVICE (DOS)
AMPLIFICATION VULNERABILITY IN SLP

Edward Hawkins April 25, 2023 1 min read

Greetings from the VMware Security Response Center!

Today we wanted to address CVE-2023-29552, a vulnerability in SLP, disclosed on
April 25th, 2023, that could allow for a reflective denial-of-service
amplification attack.

VMware has investigated this vulnerability and determined that currently
supported ESXi releases (ESXi 7.x and 8.x lines) are not impacted.

However, releases that have reached end of general support (EOGS), such as 6.7
and 6.5, have been found to be impacted by CVE-2023-29552. In line with previous
guidance and best practice, VMware recommends upgrading to a supported release
line that is not impacted by the vulnerability as the best option to address
CVE-2023-29552. ESXi 7.0 U2c and newer, and ESXi 8.0 GA and newer, ship with
the SLP service hardened, disabled by default, and filtered by the ESXi
firewall. In lieu of an upgrade to a supported release, ESXi admins should
ensure that their ESXi hosts are not exposed to untrusted networks and should
also disable SLP following the instructions in KB76372.

VMware would like to thank Bitsight and CISA for reporting this vulnerability to
us.

EDWARD HAWKINS

Edward Hawkins is with the VMware Security Response Center working as our
High-Profile Product Incident Response Manager.

