Symantec firewalls, gateways vulnerable
Several Symantec firewalls and gateway appliances are vulnerable to denial-of-service attacks that potentially allow a device's configuration to be altered. The vendor has released patches.
Security firm Symantec Corp. today announced a series of vulnerabilities in its firewalls and gateways that make them susceptible to denial-of-service attacks. Firmware fixes are available.
The Symantec Firewall/VPN Appliance 100, 200 and 200R and the Symantec Gateway Security 320, 360 and 360R are all affected.
According to information released by the Cupertino, Calif.-based company, the firewalls are vulnerable to three kinds of attacks: someone can perform a denial-of-service attack, identify services on the WAN interface and alter the firewall's configuration.
The firewalls are vulnerable to all three exploits. The gateways are only vulnerable to the later two.
 |
||||
|
|
|||
|
||||
As a result, a hacker can scan for UDP services and communicate with them. And the appliances can be manipulated because the Simple Network Management Protocol read/write community strings can't be changed, allowing an attacker to gain access and then manipulate the firewall's configuration.
Symantec has released firmware builds to address the vulnerabilities.
Ottawa-based Rigel Kent Security & Advisory Services reported the vulnerabilities to Symantec. Symantec said that it is unaware of any attempts to exploit these vulnerabilities.
Start the conversation
0 comments