MacOSX Cisco AnyConnect Secure Mobility Client Detection

2012-07-02T00:00:00
ID MACOSX_CISCO_ANYCONNECT_INSTALLED.NASL
Type nessus
Reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2012-07-02T00:00:00

Description

Cisco AnyConnect Secure Mobility Client (formerly known as Cisco AnyConnect VPN Client) is installed on the remote host. This software can be used for secure connectivity.

                                        
                                            #TRUSTED 57e6099a75677172ed1ac4b10c2998fd8064eb44b23018695529b18d4e89634bf13ce4919c8456be64be1c049b76b00ff5b69a98673a7aeb9a861cfeb8d7bb2454c450f9536276d1c340577d3a7b133598f75557d4ff1b59cb3455f7f4346a5218e7264151be0f70501889770ee066b17ef1f204f9297d13cee249c05aec70dd1ae9fc6002bd121b5094f1dde2349950745e55b8f95582d223e51f5a6c277974305e17bde5bec21c7a8eac8e519720e4019f0c5a9756e7acce71d7d351bb18eec5fb4f74da3094ad22d33697bf05c62442ddd51b0534f5cf820db397e4461c75ccc41b4fd94b80e44750ca565f776b4e6cb58efcb492d1c270cd81fc0dd8567d09eea5be19d5273635c18965bec19f6a347aea97b4bb3862d5502bdf6b8196104a149abbda0d291ca9bd9d4b68bb916b0b3e8aec1e98900f6c2019b45d0bd7bfbaddf2151e5861b90fdf93582803ddd8d16810e9a4eafc4afc06aa1fe2dd50fb8f37d79d8da0f787c3e4e02dc1f3da99a381b239d9b0ad34dc1f1e7fe9b1b3dabb3d8b0dfb364613bf188814c761e95da3054cf567af1b504d8a4180b761b14da84df61f3c4552ec88c2c4a3a938464b1d9103051fc0144b51e5ef56cfad6e255e055edc7a1c1d0812fa200ff1ab049631f9c54a8c83e905c31addf8bc11e71ac65baa9f25b6ad6231c7a69f5fb402282911afd3de9f010f24c2ea1cc3a1c983
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(59822);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2019/11/22");

  script_name(english:"MacOSX Cisco AnyConnect Secure Mobility Client Detection");
  script_summary(english:"Checks if the AnyConnect client is installed");

  script_set_attribute(attribute:"synopsis", value:"There is a VPN client installed on the remote host.");
  script_set_attribute(attribute:"description", value:
"Cisco AnyConnect Secure Mobility Client (formerly known as Cisco
AnyConnect VPN Client) is installed on the remote host. This software
can be used for secure connectivity.");
  script_set_attribute(attribute:"see_also", value:"http://www.cisco.com/en/US/products/ps10884/index.html");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:anyconnect_secure_mobility_client");
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
include("ssh_func.inc");
include("macosx_func.inc");
include("install_func.inc");


if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");

os = get_kb_item("Host/MacOSX/Version");
if (!os) exit(0, "The host does not appear to be running Mac OS X.");

kb_base = "MacOSX/Cisco_AnyConnect";
appname = "Cisco AnyConnect Secure Mobility Client";

# 3.x check
# Check that the app is really installed
# and grab a detailed version from its
# uninstall app.
path  = '/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app';
plist = '/Applications/Cisco/Uninstall AnyConnect.app/Contents/Info.plist';

# this works for 3.x >= 3.1.06073
plist_field = 'CFBundleShortVersionString';
cmd = 'if [ `grep ' + plist_field + ' "' + path + '/Contents/Info.plist" 2>/dev/null` ] ; ' +
      'then ' +
        'plutil -convert xml1 -o - \''+plist+'\' | ' +
        'grep -A 1 ' + plist_field + ' | ' +
        'tail -n 1 | ' +
        'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\' ; ' +
      'fi';
version = exec_cmd(cmd:cmd);

# 3.x < 3.1.06073 uses a slightly different plist field
if (isnull(version))
{
  plist_field = 'CFBundleVersion';
  cmd = 'if [ `grep ' + plist_field + ' "' + path + '/Contents/Info.plist" 2>/dev/null` ] ; ' +
      'then ' +
        'plutil -convert xml1 -o - \''+plist+'\' | ' +
        'grep -A 1 ' + plist_field + ' | ' +
        'tail -n 1 | ' +
        'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\' ; ' +
      'fi';
  version = exec_cmd(cmd:cmd);
}

# detect 2.x installs
if(isnull(version))
{
  path = '/Applications/Cisco/Cisco AnyConnect VPN Client.app';
  bin_path = '/opt/cisco/vpn/bin/';
  cmd = bin_path + 'vpn -v | grep "(version" | sed \'s/.*(version \\(.*\\)).*/\\1/g\'';
  version = exec_cmd(cmd:cmd);
}

# And exit if all attempts have failed
if (!strlen(version))
  audit(AUDIT_NOT_INST, appname);

set_kb_item(name:kb_base+"/Installed", value:TRUE);
set_kb_item(name:kb_base+"/Path", value:path);

if (version !~ "^[0-9]") exit(1, "The " + appname + " version does not look valid (" + version + ").");
set_kb_item(name:kb_base+"/Version", value:version);

register_install(
  app_name:appname,
  path:path,
  version:version,
  cpe:"cpe:/a:cisco:anyconnect_secure_mobility_client");

report_installs(app_name:appname);