Hello everyone,
I am currently performing vulnerability assessments using Greenbone/OpenVAS and I am trying to determine if there is a supported method to perform authenticated scans against Cisco ASA devices.
From what I understand, Cisco ASA does not support traditional authenticated scanning methods such as SSH credentialed checks in the same way as Linux servers. Because of this, we are currently limited to unauthenticated network scans, which only identify exposed services and banner information.
Our goal is to validate vulnerabilities at the configuration and OS level of the ASA, ideally through an authenticated or credentialed method.
Environment details:
- Scanner: Greenbone / OpenVAS (latest community feed)
- Target: Cisco ASA firewall appliance
- Access available: SSH and CLI administrative access to the ASA
- Scan type attempted: Credentialed SSH scan
The issue is that OpenVAS does not seem to recognize the ASA as a supported platform for credentialed checks.
My questions are:
- Is there any supported way to perform authenticated scans against Cisco ASA using Greenbone/OpenVAS?
- Are there any NASL plugins or configuration approaches that allow retrieving vulnerability information from ASA via SSH?
- If authenticated scanning is not supported, what is the recommended best practice for vulnerability assessment of Cisco ASA devices using Greenbone?
Any guidance or experiences from others who have scanned Cisco ASA devices with Greenbone would be greatly appreciated.
Thanks in advance.