| ID |
CVE-2005-3774
|
| Summary |
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.0 (as of 19-10-2018 - 15:39) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| bid | 15525 | | bugtraq | - 20051122 Cisco PIX TCP Connection Prevention
- 20060307 Cisco PIX embryonic state machine 1b data DoS
- 20060307 Cisco PIX embryonic state machine TTL(n-1) DoS
- 20060307 RE: Cisco PIX embryonic state machine 1b data DoS
| | cert-vn | VU#853540 | | cisco | 20051128 Response to Cisco PIX TCP Connection Prevention | | confirm | http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html | | fulldisc | 20051122 Cisco PIX TCP Connection Prevention | | osvdb | 24140 | | sectrack | 1015256 | | secunia | 17670 | | vupen | ADV-2005-2546 | | xf | - cisco-pix-tcp-data-field-dos(25077)
- cisco-pix-ttl-dos(25079)
|
|
| Last major update |
19-10-2018 - 15:39 |
| Published |
23-11-2005 - 00:03 |
| Last modified |
19-10-2018 - 15:39 |
