Cisco Support Community
Community Member

Switch 3750-X Vulnerability

Hi all,

   I had a bad experience with a 3750-X switch. As part of a security audit process, my customer ran software called "Nessus" to do a vulnerability scan of the network. When this software is pointed at the switch, the processor of the switch goes to nearly 100% and the switch resets. The software only listens on the ports to see which ports are open, and the switch should not reset because of this.

Below is the log of the switch at the moment of the test; we note that the 'HTTP' process rises moments before the switch resets. I disabled the HTTP service on the switch but the problem persists. The test was made with only one machine connected to the switch.

I opened a case with TAC more than 2 months ago and until now, no solution.

Does somebody have an idea?



      44999997777744444333331111111111          111113333333333333
  100   *****
   90   *****
   80   **********
   70   **********
   60   **********
   50   ***************
   40 *****************                              **********
   30 **********************                         ***********
   20 **********************                         ***********
   10 **********************************************************
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)


SW-CORE#sh processes cpu
CPU utilization for five seconds: 29%/0%; one minute: 36%; five minutes: 28%

284       21629        4487       4820 50.55% 19.24%  5.36%   0 HTTP CORE

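For triage of output like the `sh processes cpu` capture in the post above, the following added example (not part of the original thread, and not Cisco code) parses the summary line and process rows and lists the processes above a CPU threshold. The column header line, the second process row, the function names and the 25% threshold are assumptions made for the example.

```python
import re

# Constructed sample: the summary and "HTTP CORE" row are as quoted in the
# post; the column header and the "ARP Input" row are added for the example.
SAMPLE = """\
CPU utilization for five seconds: 29%/0%; one minute: 36%; five minutes: 28%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
 284       21629      4487       4820 50.55% 19.24%  5.36%   0 HTTP CORE
  12         310      9021         34  0.15%  0.10%  0.09%   0 ARP Input
"""

SUMMARY_RE = re.compile(
    r"CPU utilization for five seconds: (\d+)%/(\d+)%; "
    r"one minute: (\d+)%; five minutes: (\d+)%")
# PID, runtime, invoked, uSecs, 5Sec%, 1Min%, 5Min%, TTY, process name
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(\d+)\s+(.+?)\s*$")


def parse_show_processes_cpu(text):
    """Return (summary dict or None, list of per-process dicts)."""
    summary, rows = None, []
    for line in text.splitlines():
        m = SUMMARY_RE.search(line)
        if m:
            total, intr, one_min, five_min = map(int, m.groups())
            summary = {"5sec_total": total, "5sec_interrupt": intr,
                       "1min": one_min, "5min": five_min}
            continue
        m = ROW_RE.match(line)
        if m:  # header and blank lines do not match and are skipped
            rows.append({"pid": int(m.group(1)),
                         "runtime_ms": int(m.group(2)),
                         "5sec": float(m.group(5)),
                         "1min": float(m.group(6)),
                         "5min": float(m.group(7)),
                         "name": m.group(9)})
    return summary, rows


def busy_processes(text, threshold=25.0):
    """Processes whose 5-second CPU share is >= threshold, busiest first."""
    _, rows = parse_show_processes_cpu(text)
    hot = [r for r in rows if r["5sec"] >= threshold]
    return sorted(hot, key=lambda r: r["5sec"], reverse=True)


if __name__ == "__main__":
    for proc in busy_processes(SAMPLE):
        print(f'{proc["name"]} (PID {proc["pid"]}): {proc["5sec"]}% over 5 s')
```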

Switch 3750-X Vulnerability

Sorry, I think only the TAC and the developers could answer something like that; it's a code execution issue.

Hall of Fame Super Blue

Switch 3750-X Vulnerability

What IOS is the 3750X running on?

Do you have an ACL enabled?  If you don't, then you need to consider this.


Switch 3750-X Vulnerability

Very, very interesting.

What IOS version and type (lan/ipbase/services)?

What IP address did you point at?

Was it an address on the switch or the management port?

Was the HTTPS also stopped or just the HTTP?

This is a big thing if it works the way you have explained.

Have you tried to set access-lists to not allow traffic to that IP/port (as Leo suggested)? Does it work?

Is this reproducible from another subnet or just the same subnet as the switch IP is in?

Any other information you can supply us with?


Switch 3750-X Vulnerability

Hi Rezen,

I guess the 3750 is running the old IOS 12.2(44)SE1 or an older IOS? Please let me know what IOS version is running on that switch.

Please do rate if the given info helps.


