commit 7dae4affc23f9fd70e916bc461e45eafe4bcf99a

Author: Patrik Karlsson <patrik@cqure.net> Date: Thu May 29 21:33:18 2014 -0400 fix to detect non ASA devices and unsupported versions
2025-12-15 20:29:03 +00:00 · 2014-05-30 01:46:59 +00:00
parent c6fc780a29
commit 0b0109d4af
6 changed files with 35 additions and 15 deletions
--- a/scripts/http-cisco-anyconnect.nse
+++ b/scripts/http-cisco-anyconnect.nse
@@ -41,8 +41,10 @@ end

 action = function(host, port)
  local ac = anyconnect.Cisco.AnyConnect:new(host, port)
-  local status = ac:connect()
-  if status then
+  local status, err = ac:connect()
+  if not status then
+    return ("\n  ERROR: %s"):format(err)
+  else
    local o = stdnse.output_table()
    local xmltags = { 'version', 'tunnel-group', 'group-alias',
      'config-hash', 'host-scan-ticket', 'host-scan-token',
--- a/scripts/http-vuln-cve2014-2126.nse
+++ b/scripts/http-vuln-cve2014-2126.nse
@@ -68,8 +68,10 @@ Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 befor

  local report = vulns.Report:new(SCRIPT_NAME, host, port)
 	local ac = anyconnect.Cisco.AnyConnect:new(host, port)
-	local status = ac:connect()
-	if status then
+  local status, err = ac:connect()
+  if not status then
+    return ("\n  ERROR: %s"):format(err)
+  else
  	local ver = ac:get_version()
 		if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
 			if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then
--- a/scripts/http-vuln-cve2014-2127.nse
+++ b/scripts/http-vuln-cve2014-2127.nse
@@ -68,8 +68,10 @@ Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 befor

  local report = vulns.Report:new(SCRIPT_NAME, host, port)
 	local ac = anyconnect.Cisco.AnyConnect:new(host, port)
-	local status = ac:connect()
-	if status then
+  local status, err = ac:connect()
+  if not status then
+    return ("\n  ERROR: %s"):format(err)
+  else
  	local ver = ac:get_version()
 		if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
 			if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then
--- a/scripts/http-vuln-cve2014-2128.nse
+++ b/scripts/http-vuln-cve2014-2128.nse
@@ -69,8 +69,10 @@ The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8

  local report = vulns.Report:new(SCRIPT_NAME, host, port)
 	local ac = anyconnect.Cisco.AnyConnect:new(host, port)
-	local status = ac:connect()
-	if status then
+  local status, err = ac:connect()
+  if not status then
+    return ("\n  ERROR: %s"):format(err)
+  else
  	local ver = ac:get_version()
 		if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
 			if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then
--- a/scripts/http-vuln-cve2014-2129.nse
+++ b/scripts/http-vuln-cve2014-2129.nse
@@ -66,8 +66,10 @@ The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.

  local report = vulns.Report:new(SCRIPT_NAME, host, port)
 	local ac = anyconnect.Cisco.AnyConnect:new(host, port)
-	local status = ac:connect()
-	if status then
+  local status, err = ac:connect()
+  if not status then
+    return ("\n  ERROR: %s"):format(err)
+  else
  	local ver = ac:get_version()
 		if vuln_versions[ver['major']] and vuln_versions[ver['major']][ver['minor']] then
 			if vuln_versions[ver['major']][ver['minor']] > tonumber(ver['rev']) then