Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
https://exchange.xforce.ibmcloud.com/vulnerabilities/16370
http://www.kb.cert.org/vuls/id/245190
http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml