| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Symantec Enterprise Firewall 320/360/360r. This affects an unknown part. Performing a manipulation results in denial of service. This vulnerability is cataloged as CVE-2004-1472. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. You should upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Symantec Enterprise Firewall 320/360/360r (Firewall Software). This affects some unknown functionality. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.
The bug was discovered 09/22/2004. The weakness was shared 09/22/2004 by Mike Sues with Rigel Kent Security & Advisory Services (Website). The advisory is shared at sarc.com. This vulnerability is uniquely identified as CVE-2004-1472 since 02/13/2005. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but an exploit is available. MITRE ATT&CK project uses the attack technique T1499 for this issue.
After immediately, there has been an exploit disclosed. The exploit is shared for download at sourceforge.net. It is declared as proof-of-concept. The commercial vulnerability scanner Qualys is able to test this issue with plugin 78045 (Symantec Enterprise Firewall/VPN Appliance Multiple Remote Vulnerabilities (SYM04-013)).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at ftp.symantec.com. The best possible mitigation is suggested to be upgrading to the latest version. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 3115.
The vulnerability is also documented in the databases at X-Force (17469), SecurityFocus (BID 11237†), OSVDB (10204†), Secunia (SA12635†) and SecurityTracker (ID 1011389†). The entries VDB-848, VDB-847, VDB-22761 and VDB-22762 are related to this item. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.9
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Patch: ftp.symantec.com
TippingPoint: 🔍
Timeline
09/22/2004 🔍09/22/2004 🔍
09/22/2004 🔍
09/22/2004 🔍
09/22/2004 🔍
09/22/2004 🔍
09/23/2004 🔍
09/27/2004 🔍
12/31/2004 🔍
12/31/2004 🔍
02/13/2005 🔍
04/29/2007 🔍
11/21/2024 🔍
Sources
Vendor: symantec.comAdvisory: sarc.com
Researcher: Mike Sues
Organization: Rigel Kent Security & Advisory Services
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2004-1472 (🔍)
GCVE (CVE): GCVE-0-2004-1472
GCVE (VulDB): GCVE-100-849
CERT: 🔍
X-Force: 17469 - Symantec Firewall/VPN UDP scan denial of service, Medium Risk
SecurityFocus: 11237 - Symantec Enterprise Firewall/VPN Appliance Multiple Remote Vulnerabilities
Secunia: 12635 - Symantec Firewall/VPN Products Multiple Vulnerabilities, Highly Critical
OSVDB: 10204 - Symantec Enterprise Firewall/VPN Appliance UDP Port Scan DoS
SecurityTracker: 1011389
Vulnerability Center: 14971 - Symantec Enterprise Firewall/VPN Appliances Denial of Service via Fast UDP Port Scan, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 09/27/2004 10:58Updated: 11/21/2024 14:50
Changes: 09/27/2004 10:58 (84), 06/29/2019 11:14 (8), 11/21/2024 14:50 (18)
Complete: 🔍
Cache ID: 216:9BE:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.