CVE-2005-3774

Cisco PIX 6.3 and 7.0 - Denial of Service via Spoofed TCP Packets

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3774. PoCs published by Janis Vizulis.

AI-analyzed exploit summary This Perl script exploits CVE-2005-3774, a denial-of-service (DoS) vulnerability in Cisco PIX firewalls by sending a flood of TCP SYN packets with incrementing source ports. It uses Net::RawIP to craft and send packets, targeting a specified destination IP and port.

Description

Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Janis Vizulis · perldoshardware
https://www.exploit-db.com/exploits/1338

This Perl script exploits CVE-2005-3774, a denial-of-service (DoS) vulnerability in Cisco PIX firewalls by sending a flood of TCP SYN packets with incrementing source ports. It uses Net::RawIP to craft and send packets, targeting a specified destination IP and port.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Cisco PIX Firewall (versions affected by CVE-2005-3774)
No auth needed
Prerequisites: Perl with Net::RawIP, Getopt::Long, and Term::ProgressBar modules · Network access to the target · Target's MAC and IP addresses
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Janis Vizulis · perldoshardware
https://www.exploit-db.com/exploits/26548

This Perl script exploits CVE-2005-3774, a denial-of-service vulnerability in Cisco PIX firewalls by sending spoofed TCP SYN packets to block legitimate TCP connections. It uses Net::RawIP to craft and send packets with incrementing source ports to overwhelm the target.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Cisco PIX 6.3 and 7.0
No auth needed
Prerequisites: Network access to the target · Perl with Net::RawIP, Getopt::Long, and Term::ProgressBar modules
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015256
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25079
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25077
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24140
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15525
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426989/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426991/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/853540
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17670
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/427041/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2546
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/417458/30/0/threaded
Vendor Advisory mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html

Scores

EPSS 0.1821
EPSS Percentile 96.8%

Details

Status published
Products (2)
cisco/pix 6.3
cisco/pix 7.0
Published Nov 23, 2005
Tracked Since Feb 18, 2026