Vulnerabilities > CVE-2004-1473 - Remote vulnerability in Symantec Enterprise Firewall/VPN Appliance
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.
Vulnerable Configurations
Nessus
| NASL family | Firewalls |
| NASL id | KERIO_PF_UDPBYPASS.NASL |
| description | It is possible to bypass the rules of the remote firewall by sending UDP packets with a source port equal to 53. An attacker may use this flaw to inject UDP packets to the remote hosts, in spite of the presence of a firewall. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11580 |
| published | 2003-05-06 |
| reporter | This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/11580 |
| title | Firewall UDP Packet Source Port 53 Ruleset Bypass |
References
- http://marc.info/?l=bugtraq&m=109588376426070&w=2
- http://secunia.com/advisories/12635
- http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html
- http://www.kb.cert.org/vuls/id/329230
- http://www.osvdb.org/10205
- http://www.securityfocus.com/bid/11237
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17470