CVE-2005-0356

Cisco Agent Desktop - Denial of Service via Spoofed TCP Timestamp Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0356. PoCs published by Daniel Hartmeier.

AI-analyzed exploit summary This exploit demonstrates a TCP timestamp validation flaw (CVE-2005-0356) in OpenBSD and FreeBSD, allowing an attacker to inject spoofed TCP segments with arbitrary timestamps, causing legitimate packets to be dropped by PAWS and stalling the connection.

Description

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Daniel Hartmeier · cdosmultiple
https://www.exploit-db.com/exploits/1008

This exploit demonstrates a TCP timestamp validation flaw (CVE-2005-0356) in OpenBSD and FreeBSD, allowing an attacker to inject spoofed TCP segments with arbitrary timestamps, causing legitimate packets to be dropped by PAWS and stalling the connection.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: OpenBSD and FreeBSD TCP/IP stack (pre-patch)
No auth needed
Prerequisites: Knowledge of source/destination IP and port of an active TCP connection · Ability to send spoofed TCP packets
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20635
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15393
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/637934
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15417/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18662
Various Sources vendor-advisory x_refsource_sco
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13676
Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18222

Scores

EPSS 0.8276
EPSS Percentile 99.6%

Details

Status published
Products (50)
alaxala/alaxala_networks ax5400s
alaxala/alaxala_networks ax7800r
alaxala/alaxala_networks ax7800s
cisco/agent_desktop
cisco/aironet_ap1200
cisco/aironet_ap350
cisco/call_manager 1.0
cisco/call_manager 2.0
cisco/call_manager 3.0
cisco/call_manager 3.1
... and 40 more
Published May 31, 2005
Tracked Since Feb 18, 2026