Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic, any content can be passed to port 259 on any host on either side of the device.
An attacker who exploits this vulnerability can build a tunnel to bypass the firewall and pass traffic to and from arbitrary hosts on either side of the firewall on port 259.
Apply patch from vendor.
The vulnerability was discovered by Jochen Bauer <firstname.lastname@example.org> and Boris Wesslowski <email@example.com> of Inside Security GmbH Stuttgart, Germany.
This document was written by Ian A. Finlay.