1 files changed, 86 insertions, 0 deletions
diff --git a/scripts/http-vuln-cve2014-2129.nse b/scripts/http-vuln-cve2014-2129.nse
new file mode 100644
index 0000000..1246c81
--- /dev/null
+++ b/scripts/http-vuln-cve2014-2129.nse
@@ -0,0 +1,86 @@
+local anyconnect = require('anyconnect')
+local shortport = require('shortport')
+local vulns = require('vulns')
+local sslcert = require('sslcert')
+local stdnse = require "stdnse"
+
+description = [[
+Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP
+Denial of Service Vulnerability (CVE-2014-2129).
+]]
+
+---
+-- @see http-vuln-cve2014-2126.nse
+-- @see http-vuln-cve2014-2127.nse
+-- @see http-vuln-cve2014-2128.nse
+--
+-- @usage
+-- nmap -p 443 --script http-vuln-cve2014-2129 <target>
+--
+-- @output
+-- PORT    STATE SERVICE
+-- 443/tcp open  https
+-- | http-vuln-cve2014-2129:
+-- |   VULNERABLE:
+-- |   Cisco ASA SIP Denial of Service Vulnerability
+-- |     State: VULNERABLE
+-- |     Risk factor: High  CVSSv2: 7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)
+-- |     Description:
+-- |       The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
+-- |
+-- |     References:
+-- |       http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
+-- |_      http://cvedetails.com/cve/2014-2129/
+
+author = "Patrik Karlsson <patrik@cqure.net>"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"vuln", "safe"}
+
+portrule = function(host, port)
+  return shortport.ssl(host, port) or sslcert.isPortSupported(port)
+end
+
+action = function(host, port)
+  local vuln_table = {
+    title = "Cisco ASA SIP Denial of Service Vulnerability",
+    state = vulns.STATE.NOT_VULN,
+    risk_factor = "High",
+    scores = {
+      CVSSv2 = "7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)",
+    },
+    description = [[
+The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
+    ]],
+
+    references = {
+      'http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa',
+      'http://cvedetails.com/cve/2014-2129/'
+    }
+  }
+
+  local vuln_versions = {
+    ['8'] = {
+      ['2'] = 5.48,
+      ['4'] = 6.5,
+    },
+    ['9'] = {
+      ['0'] = 3.1,
+      ['1'] = 2.5,
+    },
+  }
+
+  local report = vulns.Report:new(SCRIPT_NAME, host, port)
+  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
+  local status, err = ac:connect()
+  if not status then
+    return stdnse.format_output(false, err)
+  else
+    local ver = ac:get_version()
+    if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
+      if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then
+        vuln_table.state = vulns.STATE.VULN
+      end
+    end
+  end
+  return report:make_output(vuln_table)
+end