ID CVE-2004-1473
Summary Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.
References
Vulnerable Configurations
  • Symantec Firewall_VPN Appliance 100
    cpe:2.3:h:symantec:firewall_vpn_appliance_100
  • Symantec Firewall_VPN Appliance 200
    cpe:2.3:h:symantec:firewall_vpn_appliance_200
  • Symantec Firewall_VPN Appliance 200R
    cpe:2.3:h:symantec:firewall_vpn_appliance_200r
  • Symantec Gateway Security 320
    cpe:2.3:h:symantec:gateway_security_320
  • Symantec Gateway Security 360
    cpe:2.3:h:symantec:gateway_security_360
  • Symantec Gateway Security 360R
    cpe:2.3:h:symantec:gateway_security_360r
  • Symantec Nexland ISB SOHO Firewall Appliance
    cpe:2.3:h:symantec:nexland_isb_soho_firewall_appliance
  • Symantec Nexland Pro100 Firewall Appliance
    cpe:2.3:h:symantec:nexland_pro100_firewall_appliance
  • Symantec Nexland Pro400 Firewall Appliance
    cpe:2.3:h:symantec:nexland_pro400_firewall_appliance
  • Symantec Nexland Pro800 Firewall Appliance
    cpe:2.3:h:symantec:nexland_pro800_firewall_appliance
  • Symantec Nexland Pro800turbo Firewall Appliance
    cpe:2.3:h:symantec:nexland_pro800turbo_firewall_appliance
  • Symantec Nexland WaveBase Firewall Appliance
    cpe:2.3:h:symantec:nexland_wavebase_firewall_appliance
CVSS
Base: 5.0 (as of 28-06-2005 - 10:44)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Firewalls
NASL id KERIO_PF_UDPBYPASS.NASL
description It is possible to bypass the rules of the remote firewall by sending UDP packets with a source port equal to 53. An attacker may use this flaw to inject UDP packets to the remote hosts, in spite of the presence of a firewall.
last seen 2019-02-21
modified 2018-11-15
plugin id 11580
published 2003-05-06
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11580
title Firewall UDP Packet Source Port 53 Ruleset Bypass
refmap via4
bid 11237
bugtraq 20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products
cert-vn VU#329230
confirm http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html
osvdb 10205
secunia 12635
xf symantec-udp-obtain-info(17470)
Last major update 17-10-2016 - 22:54
Published 31-12-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top