Denial of Service Vulnerability in Multiple TCP Implementations by Various Vendors
CVE-2005-0356

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server; Mgx 8230; Mgx 8250; Personal Assistant
Vendor: CVE Published:; 31 May 2005

Summary

Multiple TCP implementations with the Protection Against Wrapped Sequence Numbers (PAWS) feature enabled have a vulnerability that allows remote attackers to execute a denial of service attack. By sending a spoofed packet containing a large timestamp value, an attacker can trick the target system into dropping legitimate packets, perceiving them as outdated. This can result in connection loss, severely disrupting network services and stability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20635

vdb-entryx_refsource_XF

http://secunia.com/advisories/15393

third-party-advisoryx_refsource_SECUNIA

http://www.kb.cert.org/vuls/id/637934

third-party-advisoryx_refsource_CERT-VN

EPSS Score

79% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 31, 2005
Vulnerability Reserved
Feb 11, 2005