summaryrefslogtreecommitdiffstats
path: root/scripts/http-vuln-cve2014-2129.nse
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/http-vuln-cve2014-2129.nse')
-rw-r--r--scripts/http-vuln-cve2014-2129.nse86
1 files changed, 86 insertions, 0 deletions
diff --git a/scripts/http-vuln-cve2014-2129.nse b/scripts/http-vuln-cve2014-2129.nse
new file mode 100644
index 0000000..1246c81
--- /dev/null
+++ b/scripts/http-vuln-cve2014-2129.nse
@@ -0,0 +1,86 @@
+local anyconnect = require('anyconnect')
+local shortport = require('shortport')
+local vulns = require('vulns')
+local sslcert = require('sslcert')
+local stdnse = require "stdnse"
+
+description = [[
+Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP
+Denial of Service Vulnerability (CVE-2014-2129).
+]]
+
+---
+-- @see http-vuln-cve2014-2126.nse
+-- @see http-vuln-cve2014-2127.nse
+-- @see http-vuln-cve2014-2128.nse
+--
+-- @usage
+-- nmap -p 443 --script http-vuln-cve2014-2129 <target>
+--
+-- @output
+-- PORT STATE SERVICE
+-- 443/tcp open https
+-- | http-vuln-cve2014-2129:
+-- | VULNERABLE:
+-- | Cisco ASA SIP Denial of Service Vulnerability
+-- | State: VULNERABLE
+-- | Risk factor: High CVSSv2: 7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)
+-- | Description:
+-- | The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
+-- |
+-- | References:
+-- | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
+-- |_ http://cvedetails.com/cve/2014-2129/
+
+author = "Patrik Karlsson <patrik@cqure.net>"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"vuln", "safe"}
+
+portrule = function(host, port)
+ return shortport.ssl(host, port) or sslcert.isPortSupported(port)
+end
+
+action = function(host, port)
+ local vuln_table = {
+ title = "Cisco ASA SIP Denial of Service Vulnerability",
+ state = vulns.STATE.NOT_VULN,
+ risk_factor = "High",
+ scores = {
+ CVSSv2 = "7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)",
+ },
+ description = [[
+The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
+ ]],
+
+ references = {
+ 'http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa',
+ 'http://cvedetails.com/cve/2014-2129/'
+ }
+ }
+
+ local vuln_versions = {
+ ['8'] = {
+ ['2'] = 5.48,
+ ['4'] = 6.5,
+ },
+ ['9'] = {
+ ['0'] = 3.1,
+ ['1'] = 2.5,
+ },
+ }
+
+ local report = vulns.Report:new(SCRIPT_NAME, host, port)
+ local ac = anyconnect.Cisco.AnyConnect:new(host, port)
+ local status, err = ac:connect()
+ if not status then
+ return stdnse.format_output(false, err)
+ else
+ local ver = ac:get_version()
+ if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
+ if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then
+ vuln_table.state = vulns.STATE.VULN
+ end
+ end
+ end
+ return report:make_output(vuln_table)
+end