Remote Configuration Alteration in Symantec Firewall Appliances
CVE-2004-1474

Currently unrated

Key Information:

Vendor: Symantec
Status: Gateway Security 360; Firewall Vpn Appliance 200; Nexland Wavebase Firewall Appliance; Gateway Security 320
Vendor: CVE Published:; 31 December 2004

Summary

The vulnerability in Symantec Enterprise Firewall and Gateway Security appliances arises from the use of a default read/write SNMP community string. This configuration flaw can be exploited by remote attackers to modify the firewall's configuration file, leading to potential unauthorized access and manipulation of network security settings. Affected models include various versions of the Symantec Enterprise Firewall/VPN Appliances and Gateway Security, which may expose systems to significant security risks if not updated.

References

http://secunia.com/advisories/12635

third-party-advisoryx_refsource_SECUNIA

http://securityresponse.symantec.com/avcenter/security/Co...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/173910

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability Reserved
Feb 13, 2005
Vulnerability published
Dec 31, 2004