GEN:SID 1:513
Message MISC Cisco Catalyst Remote Access
Summary This event is generated when a Cisco Catalyst switch responds to an external connection that it is listening on the remote management port.
Impact Denial of service.  A successful connection to the remote management port may allow an attacker access to the switch.
Detailed Information TCP port 7161 is the remote management port for Cisco Catalyst switches.  A vulnerability exists that may allow a user to connect to this port on an affected switch and cause the supervisor module to reload, disabling service while in progress.

Affected Systems Cisco switches:

      The Catalyst 12xx family, running supervisor software versions up to and including 4.29.

      The Catalyst 29xx family (but not the Catalyst 2900XL), running supervisor software versions up to and including 2.1(5), 2.1(501), and 2.1(502).

      The Catalyst 5xxx series (including the Catalyst 55xx family), running supervisor software versions up to and including 2.1(5), 2.1(501), and 2.1(502).
Attack Scenarios An attacker can exploit a vulnerability associated with the remote management port of Cisco switches, causing a denial of service.
Ease of Attack Unknown.
Corrective Action Disable external access to the Cisco switch remote management port.
Additional References Whitehats
www.whitehats.com/info/IDS129

CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0430
Rule References arachnids: 129
bugtraq: 705
cve: 1999-0430