{"vuid":"VU#441078","idnumber":"441078","name":"Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan","keywords":["Symantec Firewall","DoS","denial of service"],"overview":"A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition.","clean_desc":"The Symantec Firewall/VPN appliance supports a number of services that utilize the UDP protocol including tftpd, snmpd, and isakmp. There is a vulnerability in the Firewall/VPN appliance that allows a UDP port scan on the WAN interface against all ports (i.e. 1-65535) to cause the device to stop responding. In order to regain functionality, the device must be powered off and back on. Affected Products: Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)\nSymantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)","impact":"A remote, unauthenticated attacker could cause a denial-of-service condition.","resolution":"Upgrade Firmware\nAccording to the Symantec Advisory, product specific firmware and hotfixes are available via the Symantec Enterprise Support site. http://www.symantec.com/techsupp/","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Symantec. Symantec credits Mike Sues and the Rigel Kent Security & Advisory Services for discovering the vulnerability.","author":"This document was written by Damon Morda.","public":["http://www.sarc.com/avcenter/security/Content/2004.09.22.html","http://www.rigelksecurity.com/Services/Svcs_sec_advis.html","http://secunia.com/advisories/12635/","http://www.securityfocus.com/bid/11237","http://www.securitytracker.com/alerts/2004/Sep/1011389.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-09-23T13:25:01Z","publicdate":"2004-09-22T00:00:00Z","datefirstpublished":"2004-10-20T14:36:57Z","dateupdated":"2004-10-20T14:37:02Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"7","cam_impact":"5","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"5.775","cam_scorecurrentwidelyknown":"7.0875","cam_scorecurrentwidelyknownexploited":"12.3375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.775,"vulnote":null}