RDP traffic initiated by users comes in to the FTD sourced from the outside-zone interface and egresses through the inside-zone. Under Networks, define the source and destination networks. Object AnyConnectPool includes the IP addresses that are assigned to AnyConnect clients. Object InsideNet includes the inside network subnet.

For more information about how to install the Cisco AnyConnect software and details on how to connect to the VPN, check out the information in this set of knowledgebase articles.

MFA
Multi-Factor Authentication, or MFA, is a security measure that requires more than one method of authentication from different categories of credentials to verify.

Connect to a VPN Connection using Cisco AnyConnect Secure Mobility Client
- Must connect to Departmental Pools, then AnyConnect-AHC01 (both personal and HST supported devices).
- Note your computer name. This has the format D2xxxxxxx.
- Open Remote Desktop Connection by searching 'Remote Desktop' from the Windows Start Menu.

Sep 09, 2020: Cisco is not able to make any guarantees of correct AnyConnect operation for customers with SHA-1 secure gateway or intermediate certificates or running old versions of AnyConnect. Cisco highly recommends that customers stay up to date with the current maintenance release of AnyConnect in order to ensure that they have all available fixes in place.
Cisco Anyconnect Rdp Problem
Script types: portrule
Categories: intrusive, vuln
Download: https://svn.nmap.org/nmap/scripts/rdp-vuln-ms12-020.nse
User Summary
Checks if a machine is vulnerable to MS12-020 RDP vulnerability.
The Microsoft bulletin MS12-020 patches two vulnerabilities: CVE-2012-0152, which addresses a denial of service vulnerability inside Terminal Server, and CVE-2012-0002, which fixes a vulnerability in Remote Desktop Protocol. Both are part of Remote Desktop Services.
The script works by checking for the CVE-2012-0152 vulnerability. If this vulnerability is not patched, it is assumed that CVE-2012-0002 is not patched either. This script can do its check without crashing the target.
The check works as follows:
- Send one user request. The server replies with a user id (call it A) and a channel for that user.
- Send another user request. The server replies with another user id (call it B) and another channel.
- Send a channel join request with requesting user set to A and requesting channel set to B. If the server replies with a success message, we conclude that the server is vulnerable.
- In case the server is vulnerable, send a channel join request with the requesting user set to B and requesting channel set to B to prevent the chance of a crash.
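The four steps above as a toy in-memory model, added here as an illustration and not taken from the NSE script. `ModelServer`, its `patched` switch, the id values and the rule that each user owns one private channel are assumptions of the model, and nothing is sent on a network.

```python
# Toy model of the check's decision logic (added example; no network I/O).
from dataclasses import dataclass, field
from itertools import count


@dataclass
class ModelServer:
    """Constructed stand-in for the server side; 'patched' is an assumed switch."""
    patched: bool
    _ids: count = field(default_factory=lambda: count(1002))  # constructed ids
    owners: dict = field(default_factory=dict)                 # channel -> owning user
    log: list = field(default_factory=list)                    # transcript of the exchange

    def user_request(self):
        uid = next(self._ids)
        channel = uid  # model assumption: each user gets one private channel
        self.owners[channel] = uid
        self.log.append(("user_request", uid, channel))
        return uid, channel

    def channel_join(self, user, channel):
        owner = self.owners.get(channel)
        # Model assumption: a patched server refuses a join to a channel that
        # belongs to a different user; an unpatched one answers with success.
        ok = owner is not None and (owner == user or not self.patched)
        self.log.append(("channel_join", user, channel, "success" if ok else "refused"))
        return ok


def check(server):
    """Run the four steps from the list above and return the verdict."""
    user_a, _chan_a = server.user_request()       # step 1: user A
    user_b, chan_b = server.user_request()        # step 2: user B
    if not server.channel_join(user_a, chan_b):   # step 3: A asks for B's channel
        return "NOT VULNERABLE"
    server.channel_join(user_b, chan_b)           # step 4: B joins its own channel
    return "VULNERABLE"


if __name__ == "__main__":
    for patched in (True, False):
        srv = ModelServer(patched=patched)
        print("patched" if patched else "unpatched", "->", check(srv))
        for entry in srv.log:
            print("   ", entry)
```

The transcript in `log` shows that the follow-up join in step 4 is only sent when step 3 succeeded, which is the part of the procedure that keeps the check from crashing the target.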
References:
Original check by Worawit Wang (sleepya).
Script Arguments
vulns.short, vulns.showall
See the documentation for the vulns library.
Example Usage
Script Output
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html