5 Replies Latest reply: Apr 10, 2014 4:30 AM by teasanchunji RSS

    Switch crashed when scanned

    sharad kapurala

      Hi All,


      We have implemented MVM on the network. And were conducting scans on the net devices. When the core switches were scanned, the network disrupted immediately.

      Apparently it was due to the scans conducted on the switches (both primary and secondary), as the whole trafiic in the network uses these switches.


      My query is does MVM have such disruptive vulnerabilities and plugins to crash the switches.

      If yes, what are the vulnerabilities (plugins or exploits) for switches, routers and firewalls we can use to avoid such disruption again.




        • 1. Re: Switch crashed when scanned

          Hi SCK


          It is important to remember that MVM Vulnerability Manager is discovering an issue and not causing the issue on the target (s). Unless of course you’re unwittingly running ‘Intrusive’ scripts.   We’re using standard RFC compliant packages. Any attacker could have used the same  pattern maliciously to cause the issue. As that’s the case it is important to fix this, but it’s the vendors that need to review the devices.    Normally resolution is either an upgrade to the target, firmware update or a vendor patch.  It is not  a change to our code or scripts.   We can gather information, but that would be to assist the vendor. You would need to speak to the vendor first to figure out what they need.




          Message was edited by: dfirstbr on 18/01/13 05:44:27 CST
          • 2. Re: Switch crashed when scanned

            Hi SCK


            It also rather depends on which vulneraiblities you have selected (shell, web, etc.) and what Operating System the switch is being detected as. I have seen problems on older versions of Oracle, Lexmark Printers, UPS Devices, IOS Devices running very old firmware. We also found that a lot of Webserver interfaces on routers and switches being scanned can cause the devices to die (a config change fixes that),


            The other thing to remember is that if your vulnerability scanner can DOS your switches so can any internal attacker (or in some cases legitimate business traffic).


            If you can post the the make and firmware version others might know of issues.




            Message was edited by: ritch on 18/01/13 07:29:56 CST
            • 3. Re: Switch crashed when scanned

              Can you disclose the Vendor of your Core Switches.  We had an issue where the scanner was generating a DHCP flood across the network, which was resolved with an upgrade of NX-OS

              • 4. Re: Switch crashed when scanned
                sharad kapurala

                Thanks guys,


                Ritch / Feeds,

                We were scanning HP 8206 zl switches using MVM 7.5. Also, let know what vulnerabilities (plugins) support the net devices (firewalls, switches, IPS, Routers) and if there is any documentation on it. Appreciate the help.





                • 5. Re: Switch crashed when scanned



                  We had a same issue with nexus5k.

                  N5K with 5.1(3)N1(1)  code.

                  Do you know what might caused this issue?