ID |
CVE-2005-3774
|
Summary |
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 19-10-2018 - 15:39) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
refmap
via4
|
bid | 15525 | bugtraq | - 20051122 Cisco PIX TCP Connection Prevention
- 20060307 Cisco PIX embryonic state machine 1b data DoS
- 20060307 Cisco PIX embryonic state machine TTL(n-1) DoS
- 20060307 RE: Cisco PIX embryonic state machine 1b data DoS
| cert-vn | VU#853540 | cisco | 20051128 Response to Cisco PIX TCP Connection Prevention | confirm | http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html | fulldisc | 20051122 Cisco PIX TCP Connection Prevention | osvdb | 24140 | sectrack | 1015256 | secunia | 17670 | vupen | ADV-2005-2546 | xf | - cisco-pix-tcp-data-field-dos(25077)
- cisco-pix-ttl-dos(25079)
|
|
Last major update |
19-10-2018 - 15:39 |
Published |
23-11-2005 - 00:03 |
Last modified |
19-10-2018 - 15:39 |