OSVDB ID: 10206

Title: Symantec Firewall/Gateway Default SNMP String Allows Device Configuration Disclosure/Modification

Info

Disclosure

Sep 22, 2004

Discovery

Unknown

Dates

Exploit

Sep 22, 2004

Solution

Unknown

Description

Symantec Firewall/Gateway products contain a flaw that may allow a malicious user to read from and write to the devices configuration setting via SNMP. The issue is triggered because the Firewall/Gateway products use a standard default community string and do not allow the administrator to disable SNMP or change the community string. It is possible that the flaw may allow disclosure and modification of device settings resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Upgrade to firmware version 1.63 or higher for Firewall/VPN products and firmware build 622 or later for Gateway products, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Symantec Corporation	Firewall	100
		200
		200R
	Gateway	320
		360
		360R

References

Security Tracker: 1011388 1011389
Related OSVDB ID: 10204 10205
Secunia Advisory ID: 12635 13671
CVE ID: 2004-1474 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0278.html
http://archives.neohapsis.com/archives/bugtraq/2004-09/0294.html
Vendor Specific Advisory URL: http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html
http://www.sarc.com/avcenter/security/Content/2004.09.22.html
Vendor URL: http://www.symantec.com/
Keyword: RK-001-04-03

Credit

Rigel Kent - msuesrigelksecurity.com - Security & Advisory Services Inc

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Symantec Corporation

Firewall

Gateway

References

Credit