5 Replies Latest reply: Apr 10, 2014 4:30 AM by teasanchunji RSS

    Switch crashed when scanned

    sharad kapurala

      Hi All,

       

      We have implemented MVM on the network. And were conducting scans on the net devices. When the core switches were scanned, the network disrupted immediately.

      Apparently it was due to the scans conducted on the switches (both primary and secondary), as the whole trafiic in the network uses these switches.

       

      My query is does MVM have such disruptive vulnerabilities and plugins to crash the switches.

      If yes, what are the vulnerabilities (plugins or exploits) for switches, routers and firewalls we can use to avoid such disruption again.

       

      Thanks

      SCK

        • 1. Re: Switch crashed when scanned
          dfirstbr

          Hi SCK

           

          It is important to remember that MVM Vulnerability Manager is discovering an issue and not causing the issue on the target (s). Unless of course you’re unwittingly running ‘Intrusive’ scripts.   We’re using standard RFC compliant packages. Any attacker could have used the same  pattern maliciously to cause the issue. As that’s the case it is important to fix this, but it’s the vendors that need to review the devices.    Normally resolution is either an upgrade to the target, firmware update or a vendor patch.  It is not  a change to our code or scripts.   We can gather information, but that would be to assist the vendor. You would need to speak to the vendor first to figure out what they need.

           

          -dene

           

          Message was edited by: dfirstbr on 18/01/13 05:44:27 CST
          • 2. Re: Switch crashed when scanned
            ritch

            Hi SCK

             

            It also rather depends on which vulneraiblities you have selected (shell, web, etc.) and what Operating System the switch is being detected as. I have seen problems on older versions of Oracle, Lexmark Printers, UPS Devices, IOS Devices running very old firmware. We also found that a lot of Webserver interfaces on routers and switches being scanned can cause the devices to die (a config change fixes that),

             

            The other thing to remember is that if your vulnerability scanner can DOS your switches so can any internal attacker (or in some cases legitimate business traffic).

             

            If you can post the the make and firmware version others might know of issues.

             

            Ritch

             

            Message was edited by: ritch on 18/01/13 07:29:56 CST
            • 3. Re: Switch crashed when scanned
              feeeds

              Can you disclose the Vendor of your Core Switches.  We had an issue where the scanner was generating a DHCP flood across the network, which was resolved with an upgrade of NX-OS

              • 4. Re: Switch crashed when scanned
                sharad kapurala

                Thanks guys,

                 

                Ritch / Feeds,

                We were scanning HP 8206 zl switches using MVM 7.5. Also, let know what vulnerabilities (plugins) support the net devices (firewalls, switches, IPS, Routers) and if there is any documentation on it. Appreciate the help.

                 

                Cheers

                 

                SCK

                • 5. Re: Switch crashed when scanned
                  teasanchunji

                  Hi,

                   

                  We had a same issue with nexus5k.

                  N5K with 5.1(3)N1(1)  code.

                  Do you know what might caused this issue?

                   

                  Thanks