07-15-2013 08:03 AM - edited 03-07-2019 02:24 PM
Using Nessus Vulnerability Scanner to scan a Cisco 2811 running IOS 15.1. The Cisco's http server is crashing for several minutes once scanned. Any ideas where I might start on this?
07-15-2013 01:18 PM
I would search through the bug toolkit, although without knowing exactly what Nessus is doing to the router, it would be hard to associate it with a specific bug. That being said, there are quite a few severity 1 bugs on that code and some of them have to do with http. I would try upgrading or downgrading to a more stable version and see if you are still getting crashes.
07-15-2013 02:34 PM
Thanks for the reply.
I believe we're on the latest maintenance release for the 2811? You're suggesting that we might try downgrading then? I believe this issue was present on 12.4 as well.
07-15-2013 03:58 PM
Looks like there are a few things going on. Check the following links:
https://discussions.nessus.org/thread/5909
http://www.giac.org/paper/gcih/209/cisco-http-denial-service/101913
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100812-tcp
Are you sure you're on the latest release? I would disable http/s access and/or isolate management traffic before it gets a chance to hit the device.
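An added example, not part of the thread or any poster's code: a Python check that reads a saved running-config and reports whether the IOS HTTP/HTTPS server is enabled and whether it is restricted by `ip http access-class`. The sample configs are constructed, and treating a missing `ip http server` line as "disabled" is an assumption (defaults vary by image).

```python
import re

# Constructed running-config excerpts for illustration (not from the thread).
EXPOSED = """hostname R2811
ip http server
ip http secure-server
access-list 10 permit 192.0.2.0 0.0.0.255
"""
RESTRICTED = """hostname R2811
no ip http server
ip http secure-server
ip http access-class 10
access-list 10 permit 192.0.2.0 0.0.0.255
"""
DANGLING = """hostname R2811
ip http secure-server
ip http access-class 99
"""

def audit_http(config: str) -> list[str]:
    """Return findings about the IOS web server in a running-config."""
    enabled = {"server": False, "secure-server": False}  # assumption: absent = off
    acl = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(no )?ip http (server|secure-server)", line)
        if m:
            enabled[m.group(2)] = m.group(1) is None
            continue
        # Both "ip http access-class 10" and "ip http access-class ipv4 10"
        m = re.fullmatch(r"ip http access-class (?:ipv4 )?(\S+)", line)
        if m:
            acl = m.group(1)
    findings = []
    if enabled["server"]:
        findings.append("cleartext HTTP server enabled")
    if any(enabled.values()):
        if acl is None:
            findings.append("web server not restricted by access-class")
        else:
            a = re.escape(acl)
            pat = rf"^(?:access-list {a} |ip access-list \S+ {a}\s*$)"
            if not re.search(pat, config, re.M):
                findings.append(f"access-class {acl} references an undefined ACL")
    return findings

if __name__ == "__main__":
    for name, cfg in [("exposed", EXPOSED), ("restricted", RESTRICTED), ("dangling", DANGLING)]:
        print(name, audit_http(cfg))
```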
07-16-2013 06:54 AM
I believe it's on the latest...
One thing though...how can I tell if it's booting to the system image stored on the flash memory vs. the ROM? I wonder if that might be the issue.