GEN:SID | 1:513 |
Message | MISC Cisco Catalyst Remote Access |
Summary | This event is generated when a Cisco Catalyst switch responds to an external connection that it is listening on the remote management port.
|
Impact | Denial of service. A successful connection to the remote management port may allow an attacker access to the switch.
|
Detailed Information | TCP port 7161 is the remote management port for Cisco Catalyst switches. A vulnerability exists that may allow a user to connect to this port on an affected switch and cause the supervisor module to reload, disabling service while in progress.
|
Affected Systems | Cisco switches:
The Catalyst 12xx family, running supervisor software versions up to and including 4.29.
The Catalyst 29xx family (but not the Catalyst 2900XL), running supervisor software versions up to and including 2.1(5), 2.1(501), and 2.1(502).
The Catalyst 5xxx series (including the Catalyst 55xx family), running supervisor software versions up to and including 2.1(5), 2.1(501), and 2.1(502).
|
Attack Scenarios | An attacker can exploit a vulnerability associated with the remote management port of Cisco switches, causing a denial of service.
|
Ease of Attack | Unknown.
|
Corrective Action | Disable external access to the Cisco switch remote management port.
|
Additional References | Whitehats www.whitehats.com/info/IDS129
CVE http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0430
|
Rule References | arachnids: 129
bugtraq: 705
cve: 1999-0430
|