Cisco IOS Software Network Plug-and-Play Agent Certificate Validation Vulnerability

#TRUSTED 2169ed5e834bc63e88dbe2c272dfdb6aa2425e343eff0640f6bc48210233edb6d55505cf8ffa06d44cf6d655dfb3e4f59fb51fe2792b562ba52c28722e733c93df37cfb331e6f6b27006113cbdb29068cc6ef788dd77c2681a411e2417c549b1f0045fe63b8b4c0f0a78e0fc164d29dab3ca3a64b2fc248ada63abca9dcd5e62c722dc930f1b1e7421b0aa10a203393c348330ec9fafeacea5b70a3b7c4c892e0495030e69e60e99a67caa42f95764e3f899d7a58603c247691808dcbad0d0d41675597b25869ad168ed1aa3fb10584636c6defeab136056dc2ab2a8a865c79e2e3fa91fbd29fbd9443bb549b924d05bee7e45cf322955f5a852db5871d4e8ea8faf7f9254af0e1b72444df897faa0d7cc8a56c7167f22ec742e413361bb71b11c3f8e157436b77844c826337f10369d599ac26fa0748170ee4ba3a19f4050fdad5536caed05e05ee508ad0cc18b5a6bc7f524de7ba7ebd0155550cd1039ccc31fd0a3a54f8d13e33ebeb6b3372a65e8f433e75d7348238188575ca0d82dca0d0bdd61b27380aa26e01fab2eab9544631744918ba691985bd56709ffb150f177b9e4d01359de1fa72a1de0b865880c13ec91d88448cf447c40c2767dbd02d5631c8bfcf15f15737a9b4ffff6910af42e3ae7391070fdc2d0d0a21b7c099eb6ef17e562a683c423056e643fe13517b08f20138c93645e7bfce37c7ac00425a301
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(127049);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/12");

  script_cve_id("CVE-2019-1748");
  script_bugtraq_id(107619);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvf36269");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvg01089");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190327-pnp-cert");

  script_name(english:"Cisco IOS Software Network Plug-and-Play Agent Certificate Validation Vulnerability");
  script_summary(english:"Checks the version of Cisco IOS Software");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the installed Cisco IOS software is affected by a vulnerability in the
Cisco Network Plug-and-Play (PnP) agent. This vulnerability allows an unauthenticated, remote attacker to gain
unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates
certificates. An attacker can exploit this vulnerability by supplying a specially crafted certificate to an affected
device. A successful exploit allows the attacker to conduct man-in-the-middle attacks to decrypt and modify
confidential information on user connections to the affected software. (CVE-2019-1748)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9f246a7b");
  script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-71135");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf36269");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg01089");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvf36269 and CSCvg01089.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1748");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(295);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/26");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS');

version_list=make_list(
  '12.1(12)',
  '12.1(1c)',
  '12.1(14)',
  '12.1(7)',
  '12.1(9)',
  '12.1(4a)',
  '12.1(3b)',
  '12.1(5b)',
  '12.1(6)',
  '12.1(4b)',
  '12.1(12a)',
  '12.1(11b)',
  '12.1(5)',
  '12.1(16)',
  '12.1(13)',
  '12.1(7b)',
  '12.1(13a)',
  '12.1(22a)',
  '12.1(24)',
  '12.1(17)',
  '12.1(5e)',
  '12.1(8)',
  '12.1(18)',
  '12.1(1)',
  '12.1(5c)',
  '12.1(6b)',
  '12.1(8a)',
  '12.1(8c)',
  '12.1(20)',
  '12.1(2b)',
  '12.1(17a)',
  '12.1(19)',
  '12.1(2)',
  '12.1(6a)',
  '12.1(22b)',
  '12.1(15)',
  '12.1(20a)',
  '12.1(26)',
  '12.1(10)',
  '12.1(4c)',
  '12.1(10a)',
  '12.1(21)',
  '12.1(22)',
  '12.1(11)',
  '12.1(12b)',
  '12.1(22c)',
  '12.1(9a)',
  '12.1(3)',
  '12.1(25)',
  '12.1(7c)',
  '12.1(4)',
  '12.1(3)XI',
  '12.0(5)S',
  '12.0(11)S6',
  '12.0(10)S',
  '12.0(11)S5',
  '12.0(2)S',
  '12.0(4)S',
  '12.0(6)S2',
  '12.0(7)S',
  '12.0(6)S',
  '12.0(6)S1',
  '12.0(11)S4',
  '12.0(10)S1',
  '12.0(10)S7',
  '12.0(28)S4a',
  '12.0(11)S3',
  '12.0(10)S3',
  '12.0(8)S',
  '12.0(10)S3b',
  '12.0(8)S1',
  '12.0(10)S4',
  '12.0(3)S',
  '12.0(10)S2',
  '12.0(11)S1',
  '12.0(10)S8',
  '12.0(9)S',
  '12.0(9)S8',
  '12.0(10)S5',
  '12.0(10)S6',
  '12.0(7)S1',
  '12.0(11)S',
  '12.0(11)S2',
  '12.0(10)ST',
  '12.0(11)ST',
  '12.0(9)ST',
  '12.0(11)ST3',
  '12.0(10)ST1',
  '12.0(10)ST2',
  '12.0(11)ST2',
  '12.0(11)ST1',
  '12.0(11)ST4',
  '12.2(22)S',
  '12.2(20)S',
  '12.2(18)S',
  '12.2(25)S',
  '12.2(20)S2a',
  '12.2(20)S4a',
  '12.2(20)S5',
  '12.2(18)S1',
  '12.2(20)S4',
  '12.2(18)S2',
  '12.2(18)S4',
  '12.2(25)S2',
  '12.2(20)S2',
  '12.2(18)S3',
  '12.2(20)S6',
  '12.2(20)S3',
  '12.2(25)S1',
  '12.2(20)S1',
  '12.2(2)XB9',
  '12.2(4)XL2',
  '12.2(10a)',
  '12.2(1)',
  '12.2(21b)',
  '12.2(10)',
  '12.2(1a)',
  '12.2(1b)',
  '12.2(1d)',
  '12.2(10b)',
  '12.2(10d)',
  '12.2(10g)',
  '12.2(3d)',
  '12.2(3g)',
  '12.2(3)',
  '12.2(5)',
  '12.2(5a)',
  '12.2(5d)',
  '12.2(6g)',
  '12.2(6h)',
  '12.2(6i)',
  '12.2(6j)',
  '12.2(6)',
  '12.2(6a)',
  '12.2(6b)',
  '12.2(6c)',
  '12.2(6d)',
  '12.2(6e)',
  '12.2(6f)',
  '12.2(7a)',
  '12.2(7b)',
  '12.2(7c)',
  '12.2(7g)',
  '12.2(7)',
  '12.2(37)',
  '12.2(19b)',
  '12.2(24b)',
  '12.2(12e)',
  '12.2(28)',
  '12.2(12b)',
  '12.2(26b)',
  '12.2(28a)',
  '12.2(12i)',
  '12.2(19)',
  '12.2(24)',
  '12.2(12g)',
  '12.2(13c)',
  '12.2(12f)',
  '12.2(12c)',
  '12.2(32)',
  '12.2(31)',
  '12.2(26a)',
  '12.2(27)',
  '12.2(12d)',
  '12.2(17e)',
  '12.2(28d)',
  '12.2(17a)',
  '12.2(12k)',
  '12.2(13e)',
  '12.2(12a)',
  '12.2(19c)',
  '12.2(27b)',
  '12.2(17b)',
  '12.2(23)',
  '12.2(27a)',
  '12.2(16)',
  '12.2(12m)',
  '12.2(40)',
  '12.2(28c)',
  '12.2(24a)',
  '12.2(21a)',
  '12.2(13b)',
  '12.2(23a)',
  '12.2(17d)',
  '12.2(26)',
  '12.2(23c)',
  '12.2(16b)',
  '12.2(13)',
  '12.2(19a)',
  '12.2(17f)',
  '12.2(28b)',
  '12.2(23d)',
  '12.2(12)',
  '12.2(12j)',
  '12.2(23f)',
  '12.2(17)',
  '12.2(16c)',
  '12.2(16a)',
  '12.2(12l)',
  '12.2(12h)',
  '12.2(16f)',
  '12.2(29a)',
  '12.2(13a)',
  '12.2(40a)',
  '12.2(23e)',
  '12.2(21)',
  '12.2(46)',
  '12.2(29)',
  '12.0(19)',
  '12.0(2a)',
  '12.0(6)',
  '12.0(13)',
  '12.0(1)',
  '12.0(9)',
  '12.0(16)',
  '12.0(2)',
  '12.0(28c)',
  '12.0(17)',
  '12.0(19a)',
  '12.0(3a)',
  '12.0(8a)',
  '12.0(16a)',
  '12.0(18)',
  '12.0(6b)',
  '12.0(13a)',
  '12.0(20)',
  '12.0(28b)',
  '12.0(7)',
  '12.0(25)',
  '12.0(15b)',
  '12.0(28d)',
  '12.0(26)',
  '12.0(3)',
  '12.0(15)',
  '12.0(11a)',
  '12.0(4)',
  '12.0(15a)',
  '12.0(4b)',
  '12.0(8)',
  '12.0(8b)',
  '12.0(21a)',
  '12.0(22)',
  '12.0(19b)',
  '12.0(18b)',
  '12.0(17a)',
  '12.0(1a)',
  '12.0(4a)',
  '12.0(10)',
  '12.0(24)',
  '12.0(12)',
  '12.0(11)',
  '12.0(23)',
  '12.0(14)',
  '12.0(5a)',
  '12.0(20a)',
  '12.0(14a)',
  '12.0(2b)',
  '12.0(12a)',
  '12.0(6a)',
  '12.0(7a)',
  '12.0(3d)',
  '12.0(28a)',
  '12.0(9a)',
  '12.0(3b)',
  '12.0(28)',
  '12.0(10a)',
  '12.0(16b)',
  '12.0(21)',
  '12.0(5)',
  '12.0(27)',
  '12.0(3c)',
  '12.0(5)XE5',
  '12.0(5)XE',
  '12.0(2)XE4',
  '12.0(5)XE8',
  '12.0(2)XE3',
  '12.0(4)XE2',
  '12.0(2)XE1',
  '12.0(5)XE4',
  '12.0(5)XE2',
  '12.0(5)XE1',
  '12.0(4)XE',
  '12.0(2)XE',
  '12.0(1)XE',
  '12.0(5)XE3',
  '12.0(7)XK1',
  '12.0(7)XK',
  '12.1(8b)E15',
  '12.1(8b)E12',
  '12.1(6)E',
  '12.1(8a)E',
  '12.1(5a)E6',
  '12.1(5c)E11',
  '12.1(8b)E20',
  '12.1(7a)E5',
  '12.1(6)E8',
  '12.1(8b)E9',
  '12.1(6)E12',
  '12.1(8b)E13',
  '12.1(5a)E5',
  '12.1(8b)E19',
  '12.1(5)YB2',
  '12.1(5)YB',
  '12.0(1)T',
  '12.0(2a)T1',
  '12.0(7)T1',
  '12.0(2)T',
  '12.0(4)T',
  '12.0(3)T3',
  '12.0(7)T3',
  '12.0(1)T1',
  '12.0(7)T2',
  '12.0(7)T',
  '12.0(5)T',
  '12.0(3)T',
  '12.0(5)T1',
  '12.0(3)T2',
  '12.0(2)T1',
  '12.1(1)T',
  '12.1(5)T10',
  '12.1(5)T9',
  '12.1(3)T',
  '12.1(5)T17',
  '12.1(5)T15',
  '12.1(5)T4',
  '12.1(5)T13',
  '12.1(5)T8c',
  '12.1(2)T',
  '12.1(5)T12',
  '12.1(5)T7',
  '12.1(5)T',
  '12.1(5)T8',
  '12.1(5)T19',
  '12.1(5)T18',
  '12.1(5)T5',
  '12.1(5c)EX',
  '12.1(9)EX',
  '12.1(6)EX',
  '12.1(5c)EX1',
  '12.1(8b)EX4',
  '12.1(20)EA1b',
  '12.1(22)EA6',
  '12.1(9)EA1d',
  '12.1(19)EA1b',
  '12.1(20)EA2',
  '12.1(22)EA4a',
  '12.1(8)EA1b',
  '12.1(22)EA1a',
  '12.1(6)EA2a',
  '12.1(20)EA1a',
  '12.1(6)EA2',
  '12.1(9)EA1a',
  '12.1(20)EA1',
  '12.1(9)EA1c',
  '12.1(6)EA1a',
  '12.1(6)EA2b',
  '12.1(6)EA2c',
  '12.1(19)EA1c',
  '12.1(22)EA4',
  '12.0(31)SZ2',
  '12.2(14)SZ',
  '12.2(14)SZ5',
  '12.2(14)SZ6',
  '12.2(14)SZ3',
  '12.2(14)SZ4',
  '12.2(14)SZ1',
  '12.2(14)SZ2',
  '12.2(9)YO',
  '12.2(9)YO3',
  '12.2(9)YO2',
  '12.2(9)YO1',
  '12.2(9)YO4',
  '12.2(11)YZ',
  '12.2(11)YZ1',
  '12.2(11)YZ3',
  '12.2(11)YZ2',
  '12.2(8)ZB',
  '12.0(5)XT1',
  '12.3(7)XI3a',
  '12.2(25)SE',
  '12.3(11)YF2',
  '12.2(12b)M1',
  '12.2(13b)M1',
  '12.2(12h)M1',
  '12.2(13b)M2',
  '12.3(2)JA3',
  '12.3(2)JA4',
  '12.3(11)JA2',
  '12.2(60)EZ16',
  '12.3(8)JK',
  '12.3(11)JX',
  '12.3(7)JX9',
  '12.3(11)JX1',
  '12.4(11)MD2',
  '12.4(23c)JY',
  '15.0(1)EY',
  '15.0(1)EY2',
  '12.3(9)M0',
  '12.3(9)M1',
  '12.2(27)SBK9',
  '15.1(2)SG8a',
  '15.0(2)SG11a',
  '15.0(2)EX2',
  '15.0(2)EX8',
  '15.3(2)S',
  '15.3(3)S',
  '15.3(2)S2',
  '15.3(2)S1',
  '15.3(3)S1',
  '15.3(3)S2',
  '15.3(3)S3',
  '15.3(3)S6',
  '15.3(3)S4',
  '15.3(3)S1a',
  '15.3(3)S5',
  '15.3(3)S2a',
  '15.3(3)S7',
  '15.3(3)S8',
  '15.3(3)S6a',
  '15.3(3)S9',
  '15.3(3)S10',
  '15.3(3)S8a',
  '15.4(1)T',
  '15.4(2)T',
  '15.4(1)T2',
  '15.4(1)T1',
  '15.4(1)T3',
  '15.4(2)T1',
  '15.4(2)T3',
  '15.4(2)T2',
  '15.4(1)T4',
  '15.4(2)T4',
  '12.4(25e)JAZ1',
  '15.2(1)E',
  '15.2(2)E',
  '15.2(1)E1',
  '15.2(3)E',
  '15.2(1)E2',
  '15.2(1)E3',
  '15.2(2)E1',
  '15.2(2b)E',
  '15.2(4)E',
  '15.2(3)E1',
  '15.2(2)E2',
  '15.2(2a)E1',
  '15.2(2)E3',
  '15.2(2a)E2',
  '15.2(3)E2',
  '15.2(3a)E',
  '15.2(3)E3',
  '15.2(3m)E2',
  '15.2(4)E1',
  '15.2(2)E4',
  '15.2(2)E5',
  '15.2(4)E2',
  '15.2(4m)E1',
  '15.2(3)E4',
  '15.2(5)E',
  '15.2(3m)E7',
  '15.2(4)E3',
  '15.2(2)E6',
  '15.2(5a)E',
  '15.2(5)E1',
  '15.2(5b)E',
  '15.2(4m)E3',
  '15.2(3m)E8',
  '15.2(2)E5a',
  '15.2(5c)E',
  '15.2(3)E5',
  '15.2(2)E5b',
  '15.2(4n)E2',
  '15.2(4o)E2',
  '15.2(5a)E1',
  '15.2(4)E4',
  '15.2(2)E7',
  '15.2(5)E2',
  '15.2(4p)E1',
  '15.2(6)E',
  '15.2(5)E2b',
  '15.2(4)E5',
  '15.2(5)E2c',
  '15.2(2)E8',
  '15.2(4m)E2',
  '15.2(4o)E3',
  '15.2(4q)E1',
  '15.2(6)E0a',
  '15.2(6)E0b',
  '15.2(2)E7b',
  '15.2(4)E5a',
  '15.2(6)E0c',
  '15.2(4)E6',
  '15.2(2)E9',
  '15.2(4s)E1',
  '15.2(2)E9a',
  '15.2(4s)E2',
  '15.1(3)MRA3',
  '15.4(1)S',
  '15.4(2)S',
  '15.4(3)S',
  '15.4(1)S1',
  '15.4(1)S2',
  '15.4(2)S1',
  '15.4(1)S3',
  '15.4(3)S1',
  '15.4(2)S2',
  '15.4(3)S2',
  '15.4(3)S3',
  '15.4(1)S4',
  '15.4(2)S3',
  '15.4(2)S4',
  '15.4(3)S0d',
  '15.4(3)S4',
  '15.4(3)S0e',
  '15.4(3)S5',
  '15.4(3)S0f',
  '15.4(3)S6',
  '15.4(3)S7',
  '15.4(3)S6a',
  '15.4(3)S8',
  '15.4(3)S9',
  '15.2(2)SC1',
  '15.2(2)SC3',
  '15.2(2)SC4',
  '15.2(1)EY',
  '15.2(1)SY',
  '15.2(1)SY1',
  '15.2(1)SY0a',
  '15.2(1)SY2',
  '15.2(2)SY',
  '15.2(1)SY1a',
  '15.2(2)SY1',
  '15.2(2)SY2',
  '15.2(1)SY3',
  '15.2(1)SY4',
  '15.2(2)SY3',
  '15.2(1)SY5',
  '15.2(1)SY6',
  '15.2(1)SY7',
  '15.2(5)EX',
  '15.4(3)M',
  '15.4(3)M1',
  '15.4(3)M2',
  '15.4(3)M3',
  '15.4(3)M4',
  '15.4(3)M5',
  '15.4(3)M6',
  '15.4(3)M7',
  '15.4(3)M6a',
  '15.4(3)M7a',
  '15.4(3)M8',
  '15.4(3)M9',
  '15.4(3)M10',
  '15.2(4)JAZ1',
  '15.4(1)CG',
  '15.4(1)CG1',
  '15.4(2)CG',
  '15.5(1)S',
  '15.5(2)S',
  '15.5(1)S1',
  '15.5(3)S',
  '15.5(1)S2',
  '15.5(1)S3',
  '15.5(2)S1',
  '15.5(2)S2',
  '15.5(3)S1',
  '15.5(3)S1a',
  '15.5(2)S3',
  '15.5(3)S2',
  '15.5(3)S0a',
  '15.5(3)S3',
  '15.5(1)S4',
  '15.5(2)S4',
  '15.5(3)S4',
  '15.5(3)S5',
  '15.5(3)S6',
  '15.5(3)S6a',
  '15.5(3)S7',
  '15.5(3)S6b',
  '15.5(3)S7a',
  '15.5(3)S7b',
  '15.1(3)SVG3d',
  '15.2(2)EB',
  '15.2(2)EB1',
  '15.2(2)EB2',
  '15.5(1)T',
  '15.5(1)T1',
  '15.5(2)T',
  '15.5(1)T2',
  '15.5(1)T3',
  '15.5(2)T1',
  '15.5(2)T2',
  '15.5(2)T3',
  '15.5(2)T4',
  '15.5(1)T4',
  '15.2(2)EA',
  '15.2(2)EA1',
  '15.2(2)EA2',
  '15.2(3)EA',
  '15.2(3)EA1',
  '15.2(4)EA',
  '15.2(4)EA1',
  '15.2(2)EA3',
  '15.2(4)EA3',
  '15.2(5)EA',
  '15.2(4)EA4',
  '15.2(4)EA2',
  '15.2(4)EA5',
  '15.2(4a)EA5',
  '15.2(4)EA6',
  '15.2(4)EA7',
  '15.4(2)SN',
  '15.4(2)SN1',
  '15.4(3)SN1',
  '15.4(3)SN1a',
  '15.5(3)M',
  '15.5(3)M1',
  '15.5(3)M0a',
  '15.5(3)M2',
  '15.5(3)M2a',
  '15.5(3)M3',
  '15.5(3)M4',
  '15.5(3)M4a',
  '15.5(3)M5',
  '15.5(3)M4b',
  '15.5(3)M4c',
  '15.5(3)M6',
  '15.5(3)M5a',
  '15.5(3)M7',
  '15.5(3)M6a',
  '15.3(3)JAA1',
  '15.5(1)SN',
  '15.5(1)SN1',
  '15.5(2)SN',
  '15.5(3)SN0a',
  '15.5(3)SN',
  '15.0(2)SQD8',
  '15.6(1)S',
  '15.6(2)S',
  '15.6(2)S1',
  '15.6(1)S1',
  '15.6(1)S2',
  '15.6(2)S0a',
  '15.6(2)S2',
  '15.6(1)S3',
  '15.6(2)S3',
  '15.6(1)S4',
  '15.6(2)S4',
  '15.1(3)SVI1b',
  '15.6(1)T',
  '15.6(2)T',
  '15.6(1)T0a',
  '15.6(1)T1',
  '15.6(2)T1',
  '15.6(1)T2',
  '15.6(2)T0a',
  '15.6(2)T2',
  '15.6(1)T3',
  '15.6(2)T3',
  '15.3(3)JC',
  '15.3(3)JC1',
  '15.3(3)JC2',
  '15.3(3)JC3',
  '15.3(3)JC4',
  '15.3(3)JC5',
  '15.3(3)JC6',
  '15.3(3)JC8',
  '15.3(3)JC9',
  '15.3(3)JC14',
  '15.3(1)SY',
  '15.3(0)SY',
  '15.3(1)SY1',
  '15.3(1)SY2',
  '15.3(1)SY3',
  '15.5(2)XB',
  '15.6(2)SP',
  '15.6(2)SP1',
  '15.6(2)SP2',
  '15.6(2)SP3',
  '15.6(2)SP4',
  '15.6(2)SP3b',
  '15.6(2)SP5',
  '15.6(1)SN',
  '15.6(1)SN1',
  '15.6(2)SN',
  '15.6(1)SN2',
  '15.6(1)SN3',
  '15.6(3)SN',
  '15.6(4)SN',
  '15.6(5)SN',
  '15.6(6)SN',
  '15.6(7)SN',
  '15.6(7)SN1',
  '15.3(3)JD',
  '15.3(3)JD2',
  '15.3(3)JD3',
  '15.3(3)JD4',
  '15.3(3)JD5',
  '15.3(3)JD6',
  '15.3(3)JD7',
  '15.3(3)JD8',
  '15.3(3)JD9',
  '15.3(3)JD11',
  '15.3(3)JD12',
  '15.3(3)JD13',
  '15.3(3)JD14',
  '15.3(3)JD15',
  '15.3(3)JD16',
  '15.6(3)M',
  '15.6(3)M1',
  '15.6(3)M0a',
  '15.6(3)M1a',
  '15.6(3)M1b',
  '15.6(3)M2',
  '15.6(3)M2a',
  '15.6(3)M3',
  '15.6(3)M3a',
  '15.6(3)M4',
  '15.2(4)EC1',
  '15.2(4)EC2',
  '15.4(1)SY',
  '15.4(1)SY1',
  '15.4(1)SY2',
  '15.4(1)SY3',
  '15.3(3)JE',
  '15.5(1)SY',
  '15.3(3)JF',
  '15.3(3)JF1',
  '15.3(3)JF2',
  '15.3(3)JF4',
  '15.3(3)JF5',
  '15.3(3)JF6',
  '15.3(3)JF7',
  '15.3(3)JF35',
  '15.3(3)JF8',
  '15.3(3)JF9',
  '15.7(3)M',
  '15.7(3)M1',
  '15.7(3)M0a',
  '15.3(3)JG',
  '15.3(3)JG1',
  '15.3(3)JH',
  '15.3(3)JH1',
  '15.1(3)SVK4b',
  '15.1(3)SVK4c',
  '15.1(3)SVO1',
  '15.1(3)SVO2',
  '15.3(3)JI',
  '15.3(3)JI1',
  '15.1(3)SVP1'
);

workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
workaround_params = WORKAROUND_CONFIG['show_pnp_profile'];


reporting = make_array(
'port'     , product_info['port'],
'severity' , SECURITY_WARNING,
'version'  , product_info['version'],
'bug_id'   , 'CSCvf36269, CSCvg01089',
'cmds'     , make_list('show pnp profile')
);

cisco::check_and_report(
  product_info:product_info, 
  workarounds:workarounds,
  workaround_params:workaround_params, 
  reporting:reporting, 
  vuln_versions:version_list
);