Symantec Enterprise Firewall/VPN Appliances up to 1.62 Configuration File unknown vulnerability
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.0 | $0-$5k | 0.00 |
A vulnerability classified as problematic was found in Symantec Enterprise Firewall and VPN Appliances up to 1.62 (Firewall Software). This vulnerability affects an unknown code block of the component Configuration File. As an impact it is known to affect integrity. CVE summarizes:
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file.
The bug was discovered on 09/22/2004. The weakness was disclosed on 09/22/2004 by Rigel Kent (Mike) as a confirmed advisory (CERT.org). The advisory is available at kb.cert.org. This vulnerability has been tracked as CVE-2004-1474 since 02/13/2005. Exploitation appears to be easy. The attack can be initiated remotely, and no form of authentication is required for successful exploitation. Technical details are unknown, but an exploit is available.
An exploit was disclosed immediately afterwards. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 10264 (SNMP Agent Default Community Names), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SNMP and runs in the context r. The commercial vulnerability scanner Qualys is able to test for this issue with plugin 78045 (Symantec Enterprise Firewall/VPN Appliance Multiple Remote Vulnerabilities (SYM04-013)).
Upgrading to version 1.63 eliminates this vulnerability. Proper firewalling of is able to address this issue. The best possible mitigation is suggested to be applying restrictive firewalling. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 3115.
The vulnerability is also documented in the databases at X-Force (17471) and Tenable (10264). The entries 849, 848, 847 and 4154 are pretty similar.
Product
Version
- 1.0
- 1.1
- 1.2
- 1.3
- 1.4
- 1.5
- 1.6
- 1.7
- 1.8
- 1.9
- 1.10
- 1.11
- 1.12
- 1.13
- 1.14
- 1.15
- 1.16
- 1.17
- 1.18
- 1.19
- 1.20
- 1.21
- 1.22
- 1.23
- 1.24
- 1.25
- 1.26
- 1.27
- 1.28
- 1.29
- 1.30
- 1.31
- 1.32
- 1.33
- 1.34
- 1.35
- 1.36
- 1.37
- 1.38
- 1.39
- 1.40
- 1.41
- 1.42
- 1.43
- 1.44
- 1.45
- 1.46
- 1.47
- 1.48
- 1.49
- 1.50
- 1.51
- 1.52
- 1.53
- 1.54
- 1.55
- 1.56
- 1.57
- 1.58
- 1.59
- 1.60
- 1.61
- 1.62
CVSSv3
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.0
VulDB Base Score: 5.3
VulDB Temp Score: 5.0
Exploiting
Class: Unknown
CWE: Unknown
ATT&CK: Unknown
Local: No
Remote: Yes
Status: Proof-of-Concept
Nessus ID: 10264
Nessus Name: SNMP Agent Default Community Names
OpenVAS ID: 802243
OpenVAS Name: Report default community names of the SNMP Agent
Countermeasures
Recommended: Firewall
Upgrade: Enterprise Firewall/VPN Appliances 1.63
Timeline
11/25/2002
09/22/2004
09/22/2004
09/22/2004
09/22/2004
09/22/2004
09/23/2004
09/23/2004
12/31/2004
02/13/2005
12/04/2005
02/27/2015
06/30/2021
Sources
Vendor: symantec.com
Advisory: kb.cert.org
Researcher: Rigel Kent (Mike)
Status: Confirmed
CVE: CVE-2004-1474
X-Force: 17471
Vulnerability Center: 9808 - Symantec Firewall/VPN, Gateway and Nexland Allows Altering of Firewall's Configuration File, Medium
SecurityFocus: 11237 - Symantec Enterprise Firewall/VPN Appliance Multiple Remote Vulnerabilities
Secunia: 12635 - Symantec Firewall/VPN Products Multiple Vulnerabilities, Highly Critical
OSVDB: 10206 - Symantec Firewall/Gateway Default SNMP String Allows Device Configuration Disclosure/Modification
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 02/27/2015 15:53
Updated: 06/30/2021 17:43
Changes: 02/27/2015 15:53 (85), 06/12/2019 07:12 (2), 06/30/2021 17:43 (3)