diff options
Diffstat (limited to 'scripts/http-vuln-cve2014-2129.nse')
-rw-r--r-- | scripts/http-vuln-cve2014-2129.nse | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/scripts/http-vuln-cve2014-2129.nse b/scripts/http-vuln-cve2014-2129.nse new file mode 100644 index 0000000..1246c81 --- /dev/null +++ b/scripts/http-vuln-cve2014-2129.nse @@ -0,0 +1,86 @@ +local anyconnect = require('anyconnect') +local shortport = require('shortport') +local vulns = require('vulns') +local sslcert = require('sslcert') +local stdnse = require "stdnse" + +description = [[ +Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP +Denial of Service Vulnerability (CVE-2014-2129). +]] + +--- +-- @see http-vuln-cve2014-2126.nse +-- @see http-vuln-cve2014-2127.nse +-- @see http-vuln-cve2014-2128.nse +-- +-- @usage +-- nmap -p 443 --script http-vuln-cve2014-2129 <target> +-- +-- @output +-- PORT STATE SERVICE +-- 443/tcp open https +-- | http-vuln-cve2014-2129: +-- | VULNERABLE: +-- | Cisco ASA SIP Denial of Service Vulnerability +-- | State: VULNERABLE +-- | Risk factor: High CVSSv2: 7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C) +-- | Description: +-- | The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052. +-- | +-- | References: +-- | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa +-- |_ http://cvedetails.com/cve/2014-2129/ + +author = "Patrik Karlsson <patrik@cqure.net>" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" +categories = {"vuln", "safe"} + +portrule = function(host, port) + return shortport.ssl(host, port) or sslcert.isPortSupported(port) +end + +action = function(host, port) + local vuln_table = { + title = "Cisco ASA SIP Denial of Service Vulnerability", + state = vulns.STATE.NOT_VULN, + risk_factor = "High", + scores = { + CVSSv2 = "7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)", + }, + description = [[ +The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052. + ]], + + references = { + 'http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa', + 'http://cvedetails.com/cve/2014-2129/' + } + } + + local vuln_versions = { + ['8'] = { + ['2'] = 5.48, + ['4'] = 6.5, + }, + ['9'] = { + ['0'] = 3.1, + ['1'] = 2.5, + }, + } + + local report = vulns.Report:new(SCRIPT_NAME, host, port) + local ac = anyconnect.Cisco.AnyConnect:new(host, port) + local status, err = ac:connect() + if not status then + return stdnse.format_output(false, err) + else + local ver = ac:get_version() + if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then + if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then + vuln_table.state = vulns.STATE.VULN + end + end + end + return report:make_output(vuln_table) +end |