2811 HTTP server crash upon Nessus scan

evanb3184 · ‎07-15-2013

Using Nessus Vulnerability Scanner to scan a Cisco 2811 running IOS 15.1. The Cisco's http server is crashing for several minutes once scanned. Any ideas where I might start on this?

Daniel McDavid · ‎07-15-2013

I would search through the bug toolkit, although without knowing exactly what Nessus is doing to the router, it would be hard to associate it with a specific bug. That being said, there are quite a few severity 1 bugs on that code and some of them have to do with http. I would try upgrading or downgrading to a more stable version and see if you are still getting crashes.

evanb3184 · ‎07-15-2013

Thanks for the reply.

I believe we're on the latest maintenance release for the 2811? You're suggesting that we might try downgrading then? I believe this issue was present on 12.4 as well.

Daniel McDavid · ‎07-15-2013

Looks like there are a few things going on. Check the followng links:

https://discussions.nessus.org/thread/5909

http://www.giac.org/paper/gcih/209/cisco-http-denial-service/101913

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100812-tcp

Are you sure you're on the latest release? I would disable http/s access and/or isolated management traffic before it gets a chance to hit the device.

evanb3184 · ‎07-16-2013

I believe it's on the latest...

One thing though...how can I tell if it's booting to the system image stored on the flash memory vs. the ROM? I wonder if that might be the issue.