Thanks Christian,
Just some clarification so I can maybe spot similar in the future:
> This had correctly registered the OS but an include file was missing an entry
> so this registered OS wasn't taken into account.
Would this have logged any errors anywhere? Just thinking from a coding point
of view, any time a reference is missing it usually produces a warning/error.
> As we want to register the OS here i have chosen the
> "cpe:/o:cisco:adaptive_security_appliance_software" for the registration of
> the OS (cpe:/o = OS).
Sounds reasonable, although looking at the latest CVEs they seem to be listing
both o and a:
<cpe-item name="cpe:/o:cisco:adaptive_security_appliance_software:9.3.1">
<cpe-23:cpe23-item
name="cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*"/>
<cpe-item name="cpe:/o:cisco:adaptive_security_appliance_software:9.3.1.1">
<cpe-23:cpe23-item
name="cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*"/>
<cpe-item name="cpe:/a:cisco:adaptive_security_appliance_software:9.3.1.1">
<cpe-23:cpe23-item
name="cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*"/>
<cpe-item name="cpe:/a:cisco:adaptive_security_appliance_software:9.3.2">
Gotta love the consistency. I'd agree with you, o (as in Operating System)
should be for the firmware but a (as in Application) should be what's used for
the ASDM tool. Possible to list multiple CPEs?
Also, will the hardware be registered as well? The output shows that my ASA
model is identified but, as said, it shows 'Hardware Information Unavailable'.
This may have been a separate NVT.
I'll be able to test again at the end of the week.
Lee
________________________________
From: Lee Wilson <[email protected]>
Sent: 26 February 2017 19:07
To: [email protected]
Subject: Cisco ASA Detection
Good Evening All,
Not sure why but even though the scan results correctly show that a Cisco ASA
along with ASDM has been detected by both SSH and SNMP scans, when I look at
the Assets list it's coming up as Unknown OS:
The results of the scan are below:
Cisco ASA Detection (SNMP)
Vulnerability Detection Result
Detected Cisco ASA
Version: 9.2(4)
Location: 161/udp
CPE: cpe:/a:cisco:asa:9.2(4)
Similar info is shown for the 'Cisco ASA Detection' NVT.
According to Asset Management it is showing as 'No information on operating
system was gathered during scan' and 'Hardware: Information unavailable', surely
this can't be right?
Having a look at the 'Cisco ASA Detection (SNMP)' NVT
(http://plugins.openvas.org/nasl.php?oid=106513), it looks as though it should
run the register_and_report_os function so that this information is known.
On a related note, is the CPE shown correct? According to the dictionary from
Mitre, the correct format appears to be as below. Could that be part of the
problem?
cpe:/a:cisco:adaptive_security_appliance_software:9.2.4
Thanks in advance for any insight on this.
Lee
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
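Added example, not part of the thread and not OpenVAS code: a small check of a detected CPE 2.2 URI against dictionary entries, showing both points raised above (the `cisco:asa` product name is absent from the dictionary, and the dictionary lists some versions under `o`, some under `a`, and some under both). The function names are hypothetical, the dictionary sample is just the four `cpe-item` names quoted in the thread, and the mapping of Cisco's `9.2(4)` notation to `9.2.4` is an assumption.

```python
from collections import defaultdict

# Constructed sample: the four cpe-item names quoted in the thread.
DICTIONARY = [
    "cpe:/o:cisco:adaptive_security_appliance_software:9.3.1",
    "cpe:/o:cisco:adaptive_security_appliance_software:9.3.1.1",
    "cpe:/a:cisco:adaptive_security_appliance_software:9.3.1.1",
    "cpe:/a:cisco:adaptive_security_appliance_software:9.3.2",
]

def parse_cpe22(uri):
    """Split a CPE 2.2 URI into (part, vendor, product, version)."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    fields = uri[len("cpe:/"):].split(":")
    fields += [""] * (4 - len(fields))          # pad missing trailing fields
    part, vendor, product, version = fields[:4]
    if part not in ("a", "o", "h"):             # application, OS, hardware
        raise ValueError("unknown CPE part: %r" % part)
    return part, vendor.lower(), product.lower(), version.lower()

def dotted_version(version):
    """Assumption: Cisco's 9.2(4) notation corresponds to the dotted 9.2.4."""
    return version.replace("(", ".").replace(")", ".").rstrip(".")

def index_dictionary(names):
    """Map (vendor, product, version) to the set of parts it is listed under."""
    index = defaultdict(set)
    for name in names:
        part, vendor, product, version = parse_cpe22(name)
        index[(vendor, product, version)].add(part)
    return index

def check_detected(uri, index):
    """Report how a scanner-reported CPE lines up with the dictionary."""
    part, vendor, product, version = parse_cpe22(uri)
    listed = index.get((vendor, product, dotted_version(version)), set())
    known_products = {(v, p) for v, p, _ in index}
    return {
        "product_in_dictionary": (vendor, product) in known_products,
        "parts_listed": sorted(listed),   # which of a/o/h the dictionary uses
        "part_matches": part in listed,
    }

if __name__ == "__main__":
    idx = index_dictionary(DICTIONARY)
    for cpe in ("cpe:/a:cisco:asa:9.2(4)",
                "cpe:/o:cisco:adaptive_security_appliance_software:9.3.1.1"):
        print(cpe, check_detected(cpe, idx))
```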