Cisco Credential Scan Failure

Hi All,

We’ve discovered an interesting issue with scanning our Cisco devices. When we test the credentials, they work. When we scan a Cisco device individually, or in small groups (3-4), the credentials report success and it reports the correct vulnerabilities. However, during our larger scans, all of our Cisco devices report credential failure and do NOT report the correct vulnerabilities, only the ones that can be identified without credentials.

TL;DR Cisco credentials appear to work individually, but fail at scale.

Any insight (haha) into where to start looking (either inside IVM or elsewhere in our network stack) would be greatly appreciated.

IME - I had the network team work with me on creating a service account that they allowlisted into their ISE templates. This should allow access for that account to authenticate over the necessary port for credentialed scanning.
Keep in mind that many templates may exist, so your creds may fail on certain hosts because the account isn't permitted to log in to a particular asset.

Check if there is a security policy in place that drops connections after so many failed attempts. This causes the scan to stop and be considered failed.