Testing your Cisco ASA appliance for vulnerabilities with Nmap

Finally finished some scripts that I have been working on for a while. Should have had them completed long ago but was not able to get to it until tonight. The scripts make use of the new Cisco AnyConnect library that was part of the commit and test for the (almost) recent vulnerabilities outlined in this Cisco advisory. The easiest way to test the scripts is to run the SVN version of Nmap. For those that don’t feel comfortable with that the scripts and library may be found here:

• anyconnect.lua
• http-cisco-anyconnect.nse
• http-vuln-cve2014-2126.nse
• http-vuln-cve2014-2127.nse
• http-vuln-cve2014-2128.nse
• http-vuln-cve2014-2129.nse