UDP Source Port Pass Firewall
3 |
QID: 34020
Category: Firewall
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 07/10/2017
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT: Your firewall policy appears to allow UDP packets with a specific source port (for example, port 53) to pass through, while it blocks UDP packets to the same destination ports when they carry a random source port. In the Results section, the service lists up to 16 such destination ports that could be reached by UDP probes with a source port of 53. Note that in a default scan only port 53 is used as the source port; it is possible that the firewall also allows UDP packets with other well-known ports as source ports to pass through.
IMPACT: This weakness may allow a malicious remote user to bypass the firewall policy and reach UDP ports that are supposed to be protected by the firewall.
SOLUTION: Make sure that all your filtering rules are correct and strict enough. If they are not, change the firewall rules so that UDP packets arriving with a particular (well-known) source port are filtered the same way as packets with any other source port.
COMPLIANCE: Not Applicable
EXPLOITABILITY: There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE: There is no malware information for this vulnerability.
RESULTS: The following UDP port(s) responded to our probes with either an ICMP error (port closed) or a UDP reply (port open) when a source port of 53 was used, but did not respond when a random source port (17957) was used:
1701 (closed), 5632 (closed), 3527 (closed), 1812 (closed), 1434 (closed).
