Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapPatrik Karlsson <[email protected]>NMAP:HTTP-VULN-CVE2014-2129.NSE
HistoryMay 26, 2014 - 1:28 a.m.

http-vuln-cve2014-2129 NSE Script

2014-05-2601:28:38
Patrik Karlsson <[email protected]>
nmap.org
107

EPSS

0.973

Percentile

99.9%

JSON

Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP Denial of Service Vulnerability (CVE-2014-2129).

See also:

Script Arguments

tls.servername

See the documentation for the tls library.

vulns.short, vulns.showall

See the documentation for the vulns library.

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

See the documentation for the mssql library.

anyconnect.group, anyconnect.mac, anyconnect.ua, anyconnect.version

See the documentation for the anyconnect library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

slaxml.debug

See the documentation for the slaxml library.

smtp.domain

See the documentation for the smtp library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

nmap -p 443 --script http-vuln-cve2014-2129 &lt;target&gt;

Script Output

PORT    STATE SERVICE
443/tcp open  https
| http-vuln-cve2014-2129:
|   VULNERABLE:
|   Cisco ASA SIP Denial of Service Vulnerability
|     State: VULNERABLE
|     Risk factor: High  CVSSv2: 7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)
|     Description:
|       The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
|
|     References:
|       http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
|_      http://cvedetails.com/cve/2014-2129/

Requires

local anyconnect = require('anyconnect')
local shortport = require('shortport')
local vulns = require('vulns')
local sslcert = require('sslcert')
local stdnse = require "stdnse"

description = [[
Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP
Denial of Service Vulnerability (CVE-2014-2129).
]]

---
-- @see http-vuln-cve2014-2126.nse
-- @see http-vuln-cve2014-2127.nse
-- @see http-vuln-cve2014-2128.nse
--
-- @usage
-- nmap -p 443 --script http-vuln-cve2014-2129 <target>
--
-- @output
-- PORT    STATE SERVICE
-- 443/tcp open  https
-- | http-vuln-cve2014-2129:
-- |   VULNERABLE:
-- |   Cisco ASA SIP Denial of Service Vulnerability
-- |     State: VULNERABLE
-- |     Risk factor: High  CVSSv2: 7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)
-- |     Description:
-- |       The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
-- |
-- |     References:
-- |       http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
-- |_      http://cvedetails.com/cve/2014-2129/

author = "Patrik Karlsson <[email protected]>"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}

portrule = function(host, port)
  return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end

action = function(host, port)
  local vuln_table = {
    title = "Cisco ASA SIP Denial of Service Vulnerability",
    state = vulns.STATE.NOT_VULN,
    risk_factor = "High",
    scores = {
      CVSSv2 = "7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)",
    },
    description = [[
The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
    ]],

    references = {
      'http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa',
      'http://cvedetails.com/cve/2014-2129/'
    }
  }

  local vuln_versions = {
    ['8'] = {
      ['2'] = 5.48,
      ['4'] = 6.5,
    },
    ['9'] = {
      ['0'] = 3.1,
      ['1'] = 2.5,
    },
  }

  local report = vulns.Report:new(SCRIPT_NAME, host, port)
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
  local status, err = ac:connect()
  if not status then
    return stdnse.format_output(false, err)
  else
    local ver = ac:get_version()
    if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
      if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then
        vuln_table.state = vulns.STATE.VULN
      end
    end
  end
  return report:make_output(vuln_table)
end

Related

nmap 199
nmap
nmap
nbstat NSE Script
2008-06-12 14:32:25
imap-capabilities NSE Script
2009-06-08 23:21:56
lltd-discovery NSE Script
2011-09-26 22:20:08

EPSS

0.973

Percentile

99.9%

JSON
Related for NMAP:HTTP-VULN-CVE2014-2129.NSE
nmap199