Symantec Patches High Risk Flaws
Vulnerabilities in Nexland Firewall appliances put users at risk of security bypass, manipulation of data and denial-of-service attacks.Network security vendor Symantec Corp. has rolled out fixes for three high-risk security holes in its Nexland Firewall appliances. The flaws could put users at risk of security bypass, manipulation of data and denial-of-service attacks, according to an advisory from research outfit Secunia, which rates the vulnerabilities as "highly critical." Symantec confirmed that the vulnerabilities had been identified in the Symantec Firewall/VPN Appliance 100, 200 and 200R models. The Symantec Gateway Security 320, 360 and 360R are vulnerable to only two of the issues, which have been resolved, the company explained in a note posted online.
"All of these vulnerabilities are remotely exploitable and can allow an attacker to perform a denial of service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewalls configuration," the company warned.