Hi Lee, On 28.02.2017 22:28, Lee Wilson wrote: > Just some clarification so I can maybe spot similar in the future: > >> This had correctly registered the OS but an include file was missing an >> entry so this registered OS wasn't taken into account. > > Would this have logged any errors anywhere? - Just thinking from a coding > point of view anytime a reference is missing it usually produces an > warning/error.
in this special case there are no errors logged. The NVT which is evaluating the registered Operating Systems and choose the best matching OS don't know the NVTs doing the registration so it can't know that there is something missing. Unfortunately we're quite limited with NASL in this case. >> As we want to register the OS here i have chosen the >> "cpe:/o:cisco:adaptive_security_appliance_software" for the registration of >> the OS (cpe:/o = OS). > > Sounds reasonable, although looking at the latest CVE's they seem to be > listing both o and a: > > <cpe-item name="cpe:/o:cisco:adaptive_security_appliance_software:9.3.1"> > <cpe-23:cpe23-item > name="cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*"/> > <cpe-item name="cpe:/o:cisco:adaptive_security_appliance_software:9.3.1.1"> > <cpe-23:cpe23-item > name="cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*"/> > <cpe-item name="cpe:/a:cisco:adaptive_security_appliance_software:9.3.1.1"> > <cpe-23:cpe23-item > name="cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*"/> > <cpe-item name="cpe:/a:cisco:adaptive_security_appliance_software:9.3.2"> > > Gotta love the consistency. I'd agree with you, o (as in Operating System) > should be for the firmware but a (as in Application) should be what's used > for the ADSM tool. Possible to list multiple CPE's? We might need to update the registered CPE of the Cisco ASA Detection (SNMP) / Cisco ASA Detection (SSH) to use the cpe:/a:cisco:adaptive_security_appliance_software instead of the non-existent cpe:/a:cisco:asa > Also, will the hardware be registered as well? the output shows that my ASA > model is identified by as said it shows 'Hardware Information Unavailable'. > This may have been a separate NVT. Currently no hardware is registered. I will forward both to a colleague of mine. He currently has more knowledge of the Cisco checks so need to discuss both with him first. > I'll be able to test again at the end of the week. The current OpenVAS Feed version is "Plugin Set: 201702150924" -> http://plugins.openvas.org/ which doesn't include this fix yet. You could have a look there before doing the test to see if the Feed got updated. Thanks again for your feedback / suggestions. Regards, Christian -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > Good Evening All, > > > Not sure why but even though the scan results correctly show that a Cisco ASA > along with ASDM has been detected by both SSH and SNMP scans, when I look at > the Assets list it's coming up as Unknown OS: > > > The results of the scan are below: > > Cisco ASA Detection (SNMP) > > Vulnerability Detection Result > > Detected Cisco ASA > > Version: 9.2(4) > > Location: 161/udp > > CPE: cpe:/a:cisco:asa:9.2(4) > > > Similar info is shown for the 'Cisco ASA Detection' NVT. > > > According to Asset Management it is showing as 'No information on operating > system was gathered during scan' and 'Hardware: Information > unavailable',surely this can't be right? > > > Having a look at the 'Cisco ASA Detection (SNMP)' NVT > (http://plugins.openvas.org/nasl.php?oid=106513), it looks as though it > should run the register_and_report_os function so that this information is > known. > > > On a related note, is the CPE shown correct. According the directionary from > Mitre, the correct format appears to be as below. Could that be part of the > problem? > > cpe:/a:cisco:adaptive_security_appliance_software:9.2.4 > > > Thanks in advance for any insight on this. > > > Lee _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
