Security firm Symantec Corp. today announced a series of vulnerabilities in its firewalls and gateways that make
them susceptible to denial-of-service attacks. Firmware fixes are available.
The Symantec Firewall/VPN Appliance 100, 200 and 200R and the Symantec Gateway Security 320, 360 and 360R are all affected.
According to information released by the Cupertino, Calif.-based company, the firewalls are vulnerable to three kinds of attacks: someone can perform a denial-of-service attack, identify services on the WAN interface and alter the firewall's configuration.
The firewalls are vulnerable to all three exploits. The gateways are only vulnerable to the later two.
As a result, a hacker can scan for UDP services and communicate with them. And the appliances can be manipulated because the Simple Network Management Protocol read/write community strings can't be changed, allowing an attacker to gain access and then manipulate the firewall's configuration.
Symantec has released firmware builds to address the vulnerabilities.
Ottawa-based Rigel Kent Security & Advisory Services reported the vulnerabilities to Symantec. Symantec said that it is unaware of any attempts to exploit these vulnerabilities.