I have a question regarding Spanning Tree Root.

I work in a Call Center, this organization uses Cisco Switches to manage their infrastructure; some clients made a hybrid topology (uses Call Center L2 switches to connect end users but made a connection to their L3 SW and FW to reach their network services).

The Call Center has an Admin the Vlan 10, with Spanning Tree Root Bridge placed as default (the lowest SW Mac Add  management). But it brings to my attention that main Vlan has a different Root Bridge than others Vlans.

Example:

Switch_Core#sh spanning-tree root

!

Vlan                   Root           ID                   Cost    Time  Age Dly  Root Port

VLAN0008         32776 000c.cee2.a940        19    2   20  15  Gi0/46

VLAN0009         32777 000c.cee2.a940        19    2   20  15  Gi0/46

VLAN0010         32768 0026.995a.fb00        42    2   20  15  Gi0/48

!

By doing some Root Bridge traceroute, I found that Vlan 10 reaches another Sw from the company:

!

Switch_Dist#sh spanning-tree root | i VLAN0010

!

VLAN0010         32768       0026.995a.fb00        38    2   20  15  Gi0/8

!

By doing more traceroute, this Vlan root bridge as next step Switch reaches a client Switch (unable to access) with a Cost of 38.

My question is if this Call Center may be exposed to any attack since Admin Vlan Root Bridge is under another Switch topology?

I do not create this topology but found these configurations mistakes and Spanning Tree redesign for the Root Bridge rearrangement (to provide the highest value for the switch core) and upgrade to RSTP that I proposed was approved just recently. But wonder what consequences will produce that Admin Vlan has been exposed for so long.

This current topology has no VTP password, since we’re sharing L2 switches with clients, should the call center implement the VTP password as well?

Any suggestion will be welcome.