In this paper, we propose and analyze an analytical propagation model of a vulnerability mitigation worm (Seawave). The model takes into consideration the topology structure of enterprise networks such as switches, LANs, and backbone, proposing the first computer worm that use layer two of the OSI model as its main propagation medium. The model also addresses the worm's communication delays due to CAM table reading (α), neighbor switch communication (β), and backbone mapping (ε). We also propose a bandwidth model to measure the traffic generated within different stages of worm propagation. Different simulations of different hierarchical topologies of enterprise networks have been driven to further evaluate and observe the defensive worm's performance in large scale networks.