Received this on bugtraq today:

Rigel Kent Security & Advisory Services Inc
http://www.rigelksecurity.com

Advisory # RK-001-04

Mike Sues
September 22, 2004

"Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security
Products"

Platform : Symantec Enterprise Firewall/VPN Appliances
100, 200, 200R
Symantec Gateway Security 320
Symantec Gateway Security 320, 360, 360R

Version : 100, 200, 200R
Prior to firmware build 1.63
320, 360, 360R
Prior to build 622

Configuration : Default

Abstract:
========

Three high-risk vulnerabilities have been identified in the Symantec
Enterprise Firewall products and two in the Gateway products. All are
remotely exploitable and allow an attacker to perform a denial of service
attack against the firewall, identify active services in the WAN interface
and exploit one of these services to collect and alter the firewall or
gateway's configuration.

Vulnerabilities:
===============

Issue RK-001-04-01:
Denial of service caused by a fast UDP port scan
Severity:
High
Description:
A fast map UDP port scan against all ports (i.e. 1-65535) on the WAN
interface of the firewall will cause the firewall to lock up and
stop
responding. Turning the power off and on will reset the firewall.

The Gateway Security products are not affected by this issue.
Countermeasure:
Install firmware build 1.63

Issue RK-001-04-02:
Filter bypass on WAN interface
Severity:
High
Description:
A UDP port scan against the WAN interface of the firewall from a
source
port of UDP 53 bypasses filter on WAN interface and exposes the
following
active services,

tftpd
snmpd
isakmp

All other ports are reported as closed.
Countermeasure:
100, 200, 200R
Install firmware build 1.63
320, 360, 360R
Install firmware build 622

Issue RK-001-04-03:
Default read/write community string on SNMP service
Severity:
High
Description:
The default read/write community string used by the firewall is
public,
allowing an attacker to collect and alter the firewall's
configuration.
By combining this with RK-001-04-02, an attacker is able to exploit
this
against the WAN interface by sending SNMP GET/SET requests whose
source
port is UDP 53.

Moreover, the administrative interface for the firewall does not
allow the
operator to disable the service nor change the community strings.
Countermeasure:
100, 200, 200R
Install firmware build 1.63
320, 360, 360R
Install firmware build 622

Credits:
=======

Rigel Kent Security & Advisory Services would like to thank Symantec for
their prompt response and action.
Yikes!!! And it's very easily exploited too.

Cheers,
cgkanchi