This indicates an attempt to use Java Debug Wire Protocol (JDWP) to access remote debugging.
JDWP allows remote debugging of Java virtual machine. However this protocol does not authenticate users and is insecure. Attackers can use JDWP to do command injection. The JDWP service port should never be exposed to the public.
This signature can detect attempts to exploit a Remote Code Execution Vulnerability in Cisco Prime Data Center Network Manager. A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on an affected system. The vulnerability is due to a lack of authentication and exposing JDWP service port to the public.
Any servers with JDWP service port exposed to the public are vulnerable
Cisco Prime Data Center Network Manager 10.1(2)
Cisco Prime Data Center Network Manager 10.1(1)
Cisco MDS 9500 Series Multilayer Directors 10.1(2)
Cisco MDS 9500 Series Multilayer Directors 10.1(1)ST(1)
Cisco MDS 9500 Series Multilayer Directors 10.1(1)S5
System Compromise: Remote attackers can gain control of vulnerable systems.
Close the JDWP service port.
Apply the latest update from the vendor