Press Release

LinkedIn Facebook Twitter RSS

Symantec Raises ThreatCon to Level Three

Functional Exploit Code Released For Cisco Vulnerability

CUPERTINO, Calif. - July 18, 2003 - Symantec Corp. (Nasdaq: SYMC), the world leader in Internet security, today announced it is increasing the Symantec Security Response ThreatCon alert to a Level Three after a functional exploit for the Cisco IOS Malicious IPV4 Packet Sequence Denial of Service vulnerability was released into the wild. Symantec's ThreatCon rating provides an overall view of global Internet Security. The exploit code, which would allow users to take advantage of the vulnerability, was posted to a public mailing list on Friday, July 18 at 3:00 a.m. EDT.

Symantec's ThreatCon Level Three applies when an isolated threat to the computing infrastructure is currently underway. Under this condition, Symantec recommends that information technology organizations increase monitoring, deployment and reconfiguration of security systems. Symantec's ThreatCon Rating is based on a 1-4 rating system with a level four being the highest threat level. The Symantec ThreatCon rating was previously elevated to a Level Three in response to CodeRed, the SQL Slammer worm and BugbearB.

"This is a serious vulnerability as it affects a significant number of infrastructure devices, on both corporate and core Internet networks, said Alfred Huger, senior director of development, Symantec Security Response. "Because of the critical nature of the affected devices and known exploit code, Symantec Security Response strongly advises administrators running vulnerable versions of Cisco IOS to apply the associated patches immediately if they have not already done so."

At the time of this release, Symantec Security Response is not aware of any attempts to automate the exploit code to attack a large range of IP addresses. Symantec Security Response will continue to monitor any unusual activities through its 19,000 sensors and its worldwide Security Operation Centers.

Symantec DeepSight customers are protected against the vulnerability through updated Snort signatures sent by the DeepSight Threat Analyst Team. Snort is an open source, network intrusion detection system.

Symantec's network intrusion protection solution, Symantec ManHunt, supports these Snort signatures. Symantec is also developing a customized signature for Symantec ManHunt customers to download that will detect this exploit for the Cisco vulnerability.

By default, Symantec Enterprise Firewall, Symantec Gateway Security and Symantec VelociRaptor block all protocols that are mentioned in the CISCO IOS Malicious IPV4 Packet Sequence Denial of Service Vulnerability. However, IT Administrators still need to apply all appropriate patches and explicitly deny the above mentioned protocols by configuring an Access Control List (ACL) on all Cisco devices.

About Symantec Security Response
Symantec Security Response is a team of dedicated intrusion experts, security engineers, virus hunters, and global technical support teams that work in tandem to provide extensive coverage for enterprise businesses and consumers. Symantec Security Response provides customers with comprehensive, global, 24x7 Internet security expertise to guard against today's complex Internet threats.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at

NOTE TO EDITORS: : If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

FORWARD LOOKING STATEMENT: This press release contains forward-looking statements, including forecasts of future revenue and earnings per share, expected industry patterns, and other financial and business results that involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to differ materially from results expressed or implied by this press release. Such risk factors include, among others: the sustainability of recent growth rates, particularly in consumer products; whether certain market segments, particularly enterprise security, grow as anticipated; the positioning of Symantec's products in those segments; the competitive environment in the software industry; ability to integrate acquired companies and technology; ability to retain key employees; ability to successfully combine product offerings and customer acceptance of combined products; general market conditions, fluctuations in currency exchange rates, changes to operating systems and product strategy by vendors of operating systems; and whether Symantec can successfully develop new products and the degree to which these gain market acceptance. Actual results may differ materially from those contained in the forward-looking statements in this press release. Additional information concerning these and other risk factors is contained in the Risk Factors sections of Symantec’s previously filed Form 10-K and Form 10-Q.