CERT Coordination Center

Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan

Vulnerability Note VU#441078

Original Release Date: 2004-10-20 | Last Revised: 2004-10-20

Overview

A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition.

Description

The Symantec Firewall/VPN appliance supports a number of services that utilize the UDP protocol including tftpd, snmpd, and isakmp. There is a vulnerability in the Firewall/VPN appliance that allows a UDP port scan on the WAN interface against all ports (i.e. 1-65535) to cause the device to stop responding. In order to regain functionality, the device must be powered off and back on.

Affected Products:

    • Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
    • Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
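
The traffic described above, one source probing a wide range of UDP ports on the WAN address, shows up in border logs as a high count of distinct destination ports per source. The following detection sketch is an added example, not part of the CERT note or the Symantec advisory; the log line format, the addresses, the window and the threshold are all assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a Symantec format):
#   "<ISO time> UDP <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LINE_RE = re.compile(r"^(\S+) UDP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def detect_udp_sweeps(lines, wan_ip, window_s=60, port_threshold=100):
    """Return {src_ip: peak distinct UDP dst ports seen within window_s}
    for sources whose peak against wan_ip reaches port_threshold."""
    recent = defaultdict(deque)       # src -> (time, port) events in window
    in_window = defaultdict(Counter)  # src -> port -> hits in window
    peak = defaultdict(int)
    window = timedelta(seconds=window_s)
    for line in lines:                # lines must be in time order
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != wan_ip:
            continue                  # malformed, or not aimed at the appliance
        ts = datetime.fromisoformat(m.group(1))
        src, port = m.group(2), int(m.group(4))
        events, ports = recent[src], in_window[src]
        events.append((ts, port))
        ports[port] += 1
        while ts - events[0][0] > window:   # expire events older than window
            _, old = events.popleft()
            ports[old] -= 1
            if ports[old] == 0:
                del ports[old]
        peak[src] = max(peak[src], len(ports))
    return {s: n for s, n in peak.items() if n >= port_threshold}

def build_sample_log():
    """Constructed sample: one source touching UDP ports 1-500 in 50 s,
    plus a client that only uses isakmp (500) and snmp (161)."""
    t0 = datetime(2004, 9, 22, 12, 0, 0)
    lines = []
    for port in range(1, 501):
        ts = (t0 + timedelta(milliseconds=100 * port)).isoformat()
        lines.append(f"{ts} UDP 198.51.100.7:40000 -> 203.0.113.1:{port}")
    for i in range(20):
        ts = (t0 + timedelta(seconds=3 * i)).isoformat()
        port = 500 if i % 2 else 161
        lines.append(f"{ts} UDP 192.0.2.10:5000 -> 203.0.113.1:{port}")
    return sorted(lines)

if __name__ == "__main__":
    print(detect_udp_sweeps(build_sample_log(), "203.0.113.1"))
```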

Impact

A remote, unauthenticated attacker could cause a denial-of-service condition.

Solution

Upgrade Firmware

According to the Symantec Advisory, product specific firmware and hotfixes are available via the Symantec Enterprise Support site.

http://www.symantec.com/techsupp/

Acknowledgements

This vulnerability was reported by Symantec. Symantec credits Mike Sues and the Rigel Kent Security & Advisory Services for discovering the vulnerability.

This document was written by Damon Morda.

Other Information

CVE IDs: None
Severity Metric: 5.78
Date Public: 2004-09-22
Date First Published: 2004-10-20
Date Last Updated: 2004-10-20 14:37 UTC
Document Revision: 8

Sponsored by CISA.