Vulnerability CVE-2004-1473


Published: 2004-12-31   Modified: 2012-02-12

Description:
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Symantec -> Firewall vpn appliance 100 
Symantec -> Firewall vpn appliance 200 
Symantec -> Firewall vpn appliance 200r 
Symantec -> Gateway security 320 
Symantec -> Gateway security 360 
Symantec -> Gateway security 360r 
Symantec -> Nexland isb soho firewall appliance 
Symantec -> Nexland pro100 firewall appliance 
Symantec -> Nexland pro400 firewall appliance 
Symantec -> Nexland pro800 firewall appliance 
Symantec -> Nexland pro800turbo firewall appliance 
Symantec -> Nexland wavebase firewall appliance 

 References:
http://www.kb.cert.org/vuls/id/329230
http://xforce.iss.net/xforce/xfdb/17470
http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html
http://www.securityfocus.com/bid/11237
http://marc.theaimsgroup.com/?l=bugtraq&m=109588376426070&w=2
http://www.osvdb.org/10205
http://secunia.com/advisories/12635

Copyright 2024, cxsecurity.com

 

Back to Top