CVE-2013-20004 – This vulnerability in StarWind iSCSI target all... (How to Fix)

📋 TL;DR

This vulnerability in StarWind iSCSI target allows attackers to cause denial of service by repeatedly attempting connections to non-existent targets, which causes the service to allocate memory without limits. This affects StarWind iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16. Organizations using this specific version are vulnerable.

💻 Affected Systems

Products:

StarWind iSCSI SAN (Windows Native)

Versions: Version 6.0, build 2013-01-16

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific build mentioned; other versions may not be vulnerable

📦 What is this software?

Iscsi San by Starwindsoftware

View all CVEs affecting Iscsi San →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage due to memory exhaustion, rendering iSCSI storage inaccessible to legitimate clients

🟠

Likely Case

Service degradation or crash requiring manual restart, disrupting storage access

🟢

If Mitigated

Minimal impact with connection rate limiting and memory protection controls

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication

🏢 Internal Only: HIGH - Internal attackers or compromised systems can easily trigger the DoS

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple connection flooding attack requiring no authentication or special tools

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after build 2013-01-16

Vendor Advisory: https://www.starwindsoftware.com/security/sw-20130215-0001/

Restart Required: Yes

Instructions:

1. Download updated version from StarWind website
2. Backup configuration
3. Install update
4. Restart StarWind service

🔧 Temporary Workarounds

Network Access Control

windows

Restrict iSCSI port access to trusted networks only

Use Windows Firewall: New-NetFirewallRule -DisplayName "Block iSCSI" -Direction Inbound -LocalPort 3260 -Protocol TCP -Action Block

Connection Rate Limiting

all

Implement network-level connection rate limiting

🧯 If You Can't Patch

Isolate iSCSI network segment from untrusted networks
Implement monitoring for abnormal connection patterns

🔍 How to Verify

Check if Vulnerable:

Check StarWind service version in About dialog or registry: HKEY_LOCAL_MACHINE\SOFTWARE\StarWind Software\StarWind\Version

Check Version:

reg query "HKLM\SOFTWARE\StarWind Software\StarWind" /v Version

Verify Fix Applied:

Verify version is newer than 6.0 build 2013-01-16 and test connection flooding

📡 Detection & Monitoring

Log Indicators:

High frequency of failed connection attempts in StarWind logs
Memory usage spikes in system logs

Network Indicators:

Unusual volume of TCP connections to port 3260
Connection attempts to non-existent iSCSI targets

SIEM Query:

source="starwind.log" AND "connection failed" | stats count by src_ip | where count > 100

📊 Metadata

CVE ID: CVE-2013-20004

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-400

Published: February 6, 2022

Last Updated: November 21, 2024

🔗 References

https://www.starwindsoftware.com/security/sw-20130215-0001/ Vendor Advisory
https://www.starwindsoftware.com/security/sw-20130215-0001/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2013-20004, you might also want to check these: