CVE-2024-35270

Q: What is the severity of CVE-2024-35270?

CVE-2024-35270 has a CVSS score of 5.3 (MEDIUM). This vulnerability in the Windows iSCSI service allows attackers to cause a denial of service (DoS) by sending specially crafted packets to affected systems. It affects Windows servers and workstations running vulnerable versions of the iSCSI service. Successful exploitation would cause the iSCSI service to stop responding, disrupting storage connectivity.

5.3 MEDIUM

Denial of Service

📋 TL;DR

This vulnerability in the Windows iSCSI service allows attackers to cause a denial of service (DoS) by sending specially crafted packets to affected systems. It affects Windows servers and workstations running vulnerable versions of the iSCSI service. Successful exploitation would cause the iSCSI service to stop responding, disrupting storage connectivity.

💻 Affected Systems

Products:

Windows iSCSI Service

Versions: Specific Windows versions as listed in Microsoft advisory

Operating Systems: Windows Server, Windows Client

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with iSCSI service enabled and accessible. Default Windows installations may not have iSCSI enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of iSCSI storage connectivity leading to application downtime, data unavailability, and potential business impact for storage-dependent systems.

🟠

Likely Case

Temporary service disruption requiring service restart, causing brief storage connectivity loss and potential application timeouts.

🟢

If Mitigated

Minimal impact with service restart capability and no data loss or privilege escalation.

🌐 Internet-Facing: LOW (iSCSI services typically not exposed to internet, requires network access to service port)

🏢 Internal Only: MEDIUM (internal attackers or compromised systems could exploit to disrupt storage infrastructure)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Denial of service vulnerabilities typically have lower exploitation complexity. No authentication required if network access to service is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35270

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates from Microsoft
2. Restart affected systems to complete installation
3. Verify iSCSI service is functioning normally

🔧 Temporary Workarounds

Network Segmentation

windows

Restrict network access to iSCSI service ports (TCP 3260) to trusted hosts only

Windows Firewall: New-NetFirewallRule -DisplayName 'Restrict iSCSI' -Direction Inbound -Protocol TCP -LocalPort 3260 -RemoteAddress TrustedIPs -Action Allow

Disable Unused iSCSI Service

windows

If iSCSI functionality is not required, disable the service

Stop-Service MSiSCSI
Set-Service MSiSCSI -StartupType Disabled

🧯 If You Can't Patch

Implement strict network access controls to iSCSI ports (TCP 3260)
Monitor iSCSI service health and implement automated restart procedures

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for applied patches or use: Get-HotFix | Where-Object {$_.HotFixID -match 'KB' for relevant patch}

Check Version:

systeminfo | findstr /B /C:'OS Name' /C:'OS Version'

Verify Fix Applied:

Verify iSCSI service is running and check Windows version matches patched version: winver

📡 Detection & Monitoring

Log Indicators:

Event ID 7031: Service terminated unexpectedly (MSiSCSI)
Event ID 7034: Service terminated unexpectedly
Increased iSCSI service restart events

Network Indicators:

Unusual traffic patterns to TCP port 3260
Multiple connection attempts to iSCSI service

SIEM Query:

source='windows' AND (event_id=7031 OR event_id=7034) AND service_name='MSiSCSI'

📊 Metadata

CVE ID: CVE-2024-35270

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

Published: July 9, 2024

Last Updated: November 21, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35270 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35270 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Disable Unused iSCSI Service

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities