Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows iSCSI

CVE-2024-35270: Windows iSCSI Service Denial of Service Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

Microsoft Security Response Center
#vulnerability#windows#dos#Windows iSCSI#Security Vulnerability
CVE-2023-21700: Windows iSCSI Discovery Service Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?** An attacker could impact availability of the service resulting in "denial of service"\[DOS\].

CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability

The following mitigating factors may be helpful in your situation: By default the iSCSI Initiator client application is disabled, in this state an attacker cannot exploit this vulnerability. For a system to be vulnerable, the iSCSI Initiator client application would need to be enabled.

CVE-2022-30140: Windows iSCSI Discovery Service Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.