Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution (cisco-sa-tcl-ace-C9KuVKmm)

2020-06-18T00:00:00
ID CISCO-SA-TCL-ACE-C9KUVKMM-IOS.NASL
Type nessus
Reporter This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-06-18T00:00:00

Description

According to its self-reported version, IOS is affected by a Arbitrary Code Execution vulnerability. An authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

                                        
                                            #TRUSTED 9f71ad4521268f6df263808df8377f2529dbc49b9920a2941796de8091930df807927f6ba92eeca599486ad1fa3787f50348a7f593716d467a3da953df7f524ed8980e146a79e439ff6b1b7062ccd373e166af775cf999d91e5812d4a52ad296893e79bc538c58d351e9d73ccf9548fdfb1e030d03227a3c10d1c877a8a9a0dd7aabaabd8d9cc98323da60e77d94a78fc77cb2a0b1ce2a79b696ce88fa41a5957785dc1b3ae68c22e4c846d9d20297252544bb4d338cc25d21fe8b371c5bc8de82456d790e2d6722383b36265da068f384d6a12f72ad28361a24fc3c3973737ec41f769c77a8f00ac088802cb6472df2e316efbeeb15b34891d22b1a0750329974e91d7d2aa39e82b35274eaf4a8a06cf3f3acdc94d26effb6012efd1b8791b0ad46b34349b72d7e2b6d1a29e29b40eff7c59132f3c7a09878f4a6901ad9587e90e4ae67974d9e3d47816e5fa5dc55d3dbf55ee6371d84fb48851e41b6fcdc84d75868def9c9630a06d67b58b4475ad9188f2b94f960544c1cd972a95be3bb4bf362e22831cdd5660ae74b2af56834b8758cb59502d865df81c3005725929745a61f93cb230149387ff4f9ec39d7c5f31c7f5a49f9aefba6cfa21af923d12aec28e2dd9d1aef6e48e84e7793da3edb0ab6e3a0b474efbdc044d8dd89e07a910a8debff9fc77191bb558bc34c75a03dc4831c017bdbfec211c6b41a50a32891cd
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(137630);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2020-3204");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvq05584");
  script_xref(name:"CISCO-SA", value:"cisco-sa-tcl-ace-C9KuVKmm");
  script_xref(name:"IAVA", value:"2020-A-0239");

  script_name(english:"Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution (cisco-sa-tcl-ace-C9KuVKmm)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, IOS is affected by a Arbitrary Code Execution vulnerability. An authenticated,
local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with
root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. A
successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the
underlying OS of the affected device.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tcl-ace-C9KuVKmm
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7843b571");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq05584");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvq05584");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3204");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/18");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS');

version_list=make_list(
  '15.9(3)M0a',
  '15.9(3)M',
  '15.8(3)M3b',
  '15.8(3)M3a',
  '15.8(3)M3',
  '15.8(3)M2a',
  '15.8(3)M2',
  '15.8(3)M1a',
  '15.8(3)M1',
  '15.8(3)M0b',
  '15.8(3)M0a',
  '15.8(3)M',
  '15.7(3)M5',
  '15.7(3)M4b',
  '15.7(3)M4a',
  '15.7(3)M4',
  '15.7(3)M3',
  '15.7(3)M2',
  '15.7(3)M1',
  '15.7(3)M0a',
  '15.7(3)M',
  '15.6(7)SN2',
  '15.6(7)SN1',
  '15.6(7)SN',
  '15.6(6)SN',
  '15.6(5)SN',
  '15.6(4)SN',
  '15.6(3)SN',
  '15.6(3)M7',
  '15.6(3)M6b',
  '15.6(3)M6a',
  '15.6(3)M6',
  '15.6(3)M5',
  '15.6(3)M4',
  '15.6(3)M3a',
  '15.6(3)M3',
  '15.6(3)M2a',
  '15.6(3)M2',
  '15.6(3)M1b',
  '15.6(3)M1a',
  '15.6(3)M1',
  '15.6(3)M0a',
  '15.6(3)M',
  '15.6(2)T3',
  '15.6(2)T2',
  '15.6(2)T1',
  '15.6(2)T0a',
  '15.6(2)T',
  '15.6(2)SP7',
  '15.6(2)SP6',
  '15.6(2)SP5',
  '15.6(2)SP4',
  '15.6(2)SP3',
  '15.6(2)SP2',
  '15.6(2)SP1',
  '15.6(2)SP',
  '15.6(2)SN',
  '15.6(2)S4',
  '15.6(2)S3',
  '15.6(2)S2',
  '15.6(2)S1',
  '15.6(2)S',
  '15.6(1)T3',
  '15.6(1)T2',
  '15.6(1)T1',
  '15.6(1)T0a',
  '15.6(1)T',
  '15.6(1)SN3',
  '15.6(1)SN2',
  '15.6(1)SN1',
  '15.6(1)SN',
  '15.6(1)S4',
  '15.6(1)S3',
  '15.6(1)S2',
  '15.6(1)S1',
  '15.6(1)S',
  '15.5(3)SN0a',
  '15.5(3)SN',
  '15.5(3)S9a',
  '15.5(3)S9',
  '15.5(3)S8',
  '15.5(3)S7',
  '15.5(3)S6b',
  '15.5(3)S6a',
  '15.5(3)S6',
  '15.5(3)S5',
  '15.5(3)S4',
  '15.5(3)S3',
  '15.5(3)S2',
  '15.5(3)S1a',
  '15.5(3)S10',
  '15.5(3)S1',
  '15.5(3)S0a',
  '15.5(3)S',
  '15.5(3)M9',
  '15.5(3)M8',
  '15.5(3)M7',
  '15.5(3)M6a',
  '15.5(3)M6',
  '15.5(3)M5',
  '15.5(3)M4c',
  '15.5(3)M4b',
  '15.5(3)M4a',
  '15.5(3)M4',
  '15.5(3)M3',
  '15.5(3)M2a',
  '15.5(3)M2',
  '15.5(3)M10',
  '15.5(3)M1',
  '15.5(3)M0a',
  '15.5(3)M',
  '15.5(2)XB',
  '15.5(2)T4',
  '15.5(2)T3',
  '15.5(2)T2',
  '15.5(2)T1',
  '15.5(2)T',
  '15.5(2)SN',
  '15.5(2)S4',
  '15.5(2)S3',
  '15.5(2)S2',
  '15.5(2)S1',
  '15.5(2)S',
  '15.5(1)T4',
  '15.5(1)T3',
  '15.5(1)T2',
  '15.5(1)T1',
  '15.5(1)T',
  '15.5(1)SY4',
  '15.5(1)SY3',
  '15.5(1)SY2',
  '15.5(1)SY1',
  '15.5(1)SY',
  '15.5(1)SN1',
  '15.5(1)SN',
  '15.5(1)S4',
  '15.5(1)S3',
  '15.5(1)S2',
  '15.5(1)S1',
  '15.5(1)S',
  '15.4(3)SN1a',
  '15.4(3)SN1',
  '15.4(3)S9',
  '15.4(3)S8',
  '15.4(3)S7',
  '15.4(3)S6a',
  '15.4(3)S6',
  '15.4(3)S5',
  '15.4(3)S4',
  '15.4(3)S3',
  '15.4(3)S2',
  '15.4(3)S10',
  '15.4(3)S1',
  '15.4(3)S0f',
  '15.4(3)S0e',
  '15.4(3)S0d',
  '15.4(3)S',
  '15.4(3)M9',
  '15.4(3)M8',
  '15.4(3)M7a',
  '15.4(3)M7',
  '15.4(3)M6a',
  '15.4(3)M6',
  '15.4(3)M5',
  '15.4(3)M4',
  '15.4(3)M3',
  '15.4(3)M2',
  '15.4(3)M10',
  '15.4(3)M1',
  '15.4(3)M',
  '15.4(2)T4',
  '15.4(2)T3',
  '15.4(2)T2',
  '15.4(2)T1',
  '15.4(2)T',
  '15.4(2)SN1',
  '15.4(2)SN',
  '15.4(2)S4',
  '15.4(2)S3',
  '15.4(2)S2',
  '15.4(2)S1',
  '15.4(2)S',
  '15.4(2)CG',
  '15.4(1)T4',
  '15.4(1)T3',
  '15.4(1)T2',
  '15.4(1)T1',
  '15.4(1)T',
  '15.4(1)SY4',
  '15.4(1)SY3',
  '15.4(1)SY2',
  '15.4(1)SY1',
  '15.4(1)SY',
  '15.4(1)S4',
  '15.4(1)S3',
  '15.4(1)S2',
  '15.4(1)S1',
  '15.4(1)S',
  '15.4(1)CG1',
  '15.4(1)CG',
  '15.3(3)XB12',
  '15.3(3)S9',
  '15.3(3)S8a',
  '15.3(3)S8',
  '15.3(3)S7',
  '15.3(3)S6a',
  '15.3(3)S6',
  '15.3(3)S5',
  '15.3(3)S4',
  '15.3(3)S3',
  '15.3(3)S2a',
  '15.3(3)S2',
  '15.3(3)S1a',
  '15.3(3)S10',
  '15.3(3)S1',
  '15.3(3)S',
  '15.3(3)M9',
  '15.3(3)M8a',
  '15.3(3)M8',
  '15.3(3)M7',
  '15.3(3)M6',
  '15.3(3)M5',
  '15.3(3)M4',
  '15.3(3)M3',
  '15.3(3)M2',
  '15.3(3)M10',
  '15.3(3)M1',
  '15.3(3)M',
  '15.3(3)JPJ',
  '15.3(3)JPI',
  '15.3(3)JAA1',
  '15.3(2)T4',
  '15.3(2)T3',
  '15.3(2)T2',
  '15.3(2)T1',
  '15.3(2)T',
  '15.3(2)S2',
  '15.3(2)S1',
  '15.3(2)S',
  '15.3(1)T4',
  '15.3(1)T3',
  '15.3(1)T2',
  '15.3(1)T1',
  '15.3(1)T',
  '15.3(1)SY2',
  '15.3(1)SY1',
  '15.3(1)SY',
  '15.3(1)S2',
  '15.3(1)S1e',
  '15.3(1)S1',
  '15.3(1)S',
  '15.3(0)SY',
  '15.2(7a)E0b',
  '15.2(7)E1a',
  '15.2(7)E1',
  '15.2(7)E0s',
  '15.2(7)E0b',
  '15.2(7)E0a',
  '15.2(7)E',
  '15.2(6)EB',
  '15.2(6)E4',
  '15.2(6)E3',
  '15.2(6)E2b',
  '15.2(6)E2a',
  '15.2(6)E2',
  '15.2(6)E1s',
  '15.2(6)E1a',
  '15.2(6)E1',
  '15.2(6)E0c',
  '15.2(6)E0a',
  '15.2(6)E',
  '15.2(5c)E',
  '15.2(5b)E',
  '15.2(5a)E1',
  '15.2(5a)E',
  '15.2(5)EX',
  '15.2(5)EA',
  '15.2(5)E2c',
  '15.2(5)E2b',
  '15.2(5)E2',
  '15.2(5)E1',
  '15.2(5)E',
  '15.2(4s)E1',
  '15.2(4q)E1',
  '15.2(4p)E1',
  '15.2(4o)E3',
  '15.2(4o)E2',
  '15.2(4n)E2',
  '15.2(4m)E3',
  '15.2(4m)E2',
  '15.2(4m)E1',
  '15.2(4)S8',
  '15.2(4)S7',
  '15.2(4)S6',
  '15.2(4)S5',
  '15.2(4)S4a',
  '15.2(4)S4',
  '15.2(4)S3a',
  '15.2(4)S3',
  '15.2(4)S2',
  '15.2(4)S1c',
  '15.2(4)S1',
  '15.2(4)S0c',
  '15.2(4)S',
  '15.2(4)M9',
  '15.2(4)M8',
  '15.2(4)M7',
  '15.2(4)M6b',
  '15.2(4)M6a',
  '15.2(4)M6',
  '15.2(4)M5',
  '15.2(4)M4',
  '15.2(4)M3',
  '15.2(4)M2',
  '15.2(4)M11',
  '15.2(4)M10',
  '15.2(4)M1',
  '15.2(4)M',
  '15.2(4)JAZ1',
  '15.2(4)GC3',
  '15.2(4)GC2',
  '15.2(4)GC1',
  '15.2(4)GC',
  '15.2(4)EC2',
  '15.2(4)EC1',
  '15.2(4)EA9',
  '15.2(4)EA8',
  '15.2(4)EA7',
  '15.2(4)EA6',
  '15.2(4)EA5',
  '15.2(4)EA4',
  '15.2(4)EA3',
  '15.2(4)EA2',
  '15.2(4)EA1',
  '15.2(4)EA',
  '15.2(4)E9',
  '15.2(4)E8',
  '15.2(4)E7',
  '15.2(4)E6',
  '15.2(4)E5a',
  '15.2(4)E5',
  '15.2(4)E4',
  '15.2(4)E3',
  '15.2(4)E2',
  '15.2(4)E1',
  '15.2(4)E',
  '15.2(3m)E8',
  '15.2(3m)E7',
  '15.2(3m)E2',
  '15.2(3a)E',
  '15.2(3)GC1',
  '15.2(3)GC',
  '15.2(3)EA',
  '15.2(3)E5',
  '15.2(3)E4',
  '15.2(3)E3',
  '15.2(3)E2',
  '15.2(3)E1',
  '15.2(3)E',
  '15.2(2b)E',
  '15.2(2a)E2',
  '15.2(2a)E1',
  '15.2(2)SY3',
  '15.2(2)SY2',
  '15.2(2)SY1',
  '15.2(2)SY',
  '15.2(2)SC4',
  '15.2(2)SC3',
  '15.2(2)SC1',
  '15.2(2)S2',
  '15.2(2)S1',
  '15.2(2)S0d',
  '15.2(2)S0c',
  '15.2(2)S0a',
  '15.2(2)S',
  '15.2(2)GC',
  '15.2(2)EB2',
  '15.2(2)EB1',
  '15.2(2)EB',
  '15.2(2)EA3',
  '15.2(2)EA2',
  '15.2(2)EA1',
  '15.2(2)EA',
  '15.2(2)E9a',
  '15.2(2)E9',
  '15.2(2)E8',
  '15.2(2)E7b',
  '15.2(2)E7',
  '15.2(2)E6',
  '15.2(2)E5b',
  '15.2(2)E5a',
  '15.2(2)E5',
  '15.2(2)E4',
  '15.2(2)E3',
  '15.2(2)E2',
  '15.2(2)E10a',
  '15.2(2)E10',
  '15.2(2)E1',
  '15.2(2)E',
  '15.2(1)SY8',
  '15.2(1)SY7',
  '15.2(1)SY6',
  '15.2(1)SY5',
  '15.2(1)SY4',
  '15.2(1)SY3',
  '15.2(1)SY2',
  '15.2(1)SY1a',
  '15.2(1)SY1',
  '15.2(1)SY0a',
  '15.2(1)SY',
  '15.2(1)S2',
  '15.2(1)S1',
  '15.2(1)S',
  '15.2(1)GC2',
  '15.2(1)GC1',
  '15.2(1)GC',
  '15.2(1)EY',
  '15.2(1)E3',
  '15.2(1)E2',
  '15.2(1)E1',
  '15.2(1)E',
  '15.1(4)XB8a',
  '15.1(4)XB8',
  '15.1(4)XB7',
  '15.1(4)XB6',
  '15.1(4)XB5a',
  '15.1(4)XB5',
  '15.1(4)XB4',
  '15.1(4)M9',
  '15.1(4)M8',
  '15.1(4)M7',
  '15.1(4)M6',
  '15.1(4)M5',
  '15.1(4)M4',
  '15.1(4)M3a',
  '15.1(4)M3',
  '15.1(4)M2',
  '15.1(4)M12a',
  '15.1(4)M10',
  '15.1(4)M1',
  '15.1(4)M0b',
  '15.1(4)M0a',
  '15.1(4)M',
  '15.1(4)GC2',
  '15.1(4)GC1',
  '15.1(4)GC',
  '15.1(3)T4',
  '15.1(3)T3',
  '15.1(3)T2',
  '15.1(3)T1',
  '15.1(3)T',
  '15.1(3)SVS',
  '15.1(3)S7',
  '15.1(3)S6',
  '15.1(3)S5a',
  '15.1(3)S5',
  '15.1(3)S4',
  '15.1(3)S3',
  '15.1(3)S2',
  '15.1(3)S1',
  '15.1(3)S0a',
  '15.1(3)S',
  '15.1(3)MRA4',
  '15.1(3)MRA3',
  '15.1(3)MRA2',
  '15.1(3)MRA1',
  '15.1(3)MRA',
  '15.1(2)T5',
  '15.1(2)T4',
  '15.1(2)T3',
  '15.1(2)T2a',
  '15.1(2)T2',
  '15.1(2)T1',
  '15.1(2)T0a',
  '15.1(2)T',
  '15.1(2)SY9',
  '15.1(2)SY8',
  '15.1(2)SY7',
  '15.1(2)SY6',
  '15.1(2)SY5',
  '15.1(2)SY4a',
  '15.1(2)SY4',
  '15.1(2)SY3',
  '15.1(2)SY2',
  '15.1(2)SY15',
  '15.1(2)SY14',
  '15.1(2)SY13',
  '15.1(2)SY12',
  '15.1(2)SY11',
  '15.1(2)SY10',
  '15.1(2)SY1',
  '15.1(2)SY',
  '15.1(2)SG8',
  '15.1(2)SG7',
  '15.1(2)SG6',
  '15.1(2)SG5',
  '15.1(2)SG4',
  '15.1(2)SG3',
  '15.1(2)SG2',
  '15.1(2)SG1',
  '15.1(2)SG',
  '15.1(2)S2',
  '15.1(2)S1',
  '15.1(2)S',
  '15.1(2)GC2',
  '15.1(2)GC1',
  '15.1(2)GC',
  '15.1(1)XB3',
  '15.1(1)XB2',
  '15.1(1)XB1',
  '15.1(1)XB',
  '15.1(1)T5',
  '15.1(1)T4',
  '15.1(1)T3',
  '15.1(1)T2',
  '15.1(1)T1',
  '15.1(1)T',
  '15.1(1)SY6',
  '15.1(1)SY5',
  '15.1(1)SY4',
  '15.1(1)SY3',
  '15.1(1)SY2',
  '15.1(1)SY1',
  '15.1(1)SY',
  '15.1(1)SG2',
  '15.1(1)SG1',
  '15.1(1)SG',
  '15.1(1)S2',
  '15.1(1)S1',
  '15.1(1)S',
  '15.0(2a)SE9',
  '15.0(2a)EX5',
  '15.0(2)XO',
  '15.0(2)SQD8',
  '15.0(2)SQD7',
  '15.0(2)SQD6',
  '15.0(2)SQD5',
  '15.0(2)SQD4',
  '15.0(2)SQD3',
  '15.0(2)SQD2',
  '15.0(2)SQD1',
  '15.0(2)SQD',
  '15.0(2)SG9',
  '15.0(2)SG8',
  '15.0(2)SG7',
  '15.0(2)SG6',
  '15.0(2)SG5',
  '15.0(2)SG4',
  '15.0(2)SG3',
  '15.0(2)SG2',
  '15.0(2)SG11a',
  '15.0(2)SG11',
  '15.0(2)SG10',
  '15.0(2)SG1',
  '15.0(2)SG',
  '15.0(2)SE9',
  '15.0(2)SE8',
  '15.0(2)SE7',
  '15.0(2)SE6',
  '15.0(2)SE5',
  '15.0(2)SE4',
  '15.0(2)SE3',
  '15.0(2)SE2',
  '15.0(2)SE13',
  '15.0(2)SE12',
  '15.0(2)SE11',
  '15.0(2)SE10a',
  '15.0(2)SE10',
  '15.0(2)SE1',
  '15.0(2)SE',
  '15.0(2)MR',
  '15.0(2)EZ',
  '15.0(2)EY3',
  '15.0(2)EY2',
  '15.0(2)EY1',
  '15.0(2)EY',
  '15.0(2)EX8',
  '15.0(2)EX7',
  '15.0(2)EX6',
  '15.0(2)EX5',
  '15.0(2)EX4',
  '15.0(2)EX3',
  '15.0(2)EX2',
  '15.0(2)EX13',
  '15.0(2)EX12',
  '15.0(2)EX11',
  '15.0(2)EX10',
  '15.0(2)EX1',
  '15.0(2)EX',
  '15.0(2)EK1',
  '15.0(2)EK',
  '15.0(2)EJ1',
  '15.0(2)EJ',
  '15.0(1)XO1',
  '15.0(1)XO',
  '15.0(1)XA5',
  '15.0(1)XA4',
  '15.0(1)XA3',
  '15.0(1)XA2',
  '15.0(1)XA1',
  '15.0(1)XA',
  '15.0(1)SY9',
  '15.0(1)SY8',
  '15.0(1)SY7a',
  '15.0(1)SY7',
  '15.0(1)SY6',
  '15.0(1)SY5',
  '15.0(1)SY4',
  '15.0(1)SY3',
  '15.0(1)SY2',
  '15.0(1)SY10',
  '15.0(1)SY1',
  '15.0(1)SY',
  '15.0(1)SE3',
  '15.0(1)SE2',
  '15.0(1)SE1',
  '15.0(1)SE',
  '15.0(1)S6',
  '15.0(1)S5',
  '15.0(1)S4a',
  '15.0(1)S4',
  '15.0(1)S3a',
  '15.0(1)S2',
  '15.0(1)S1',
  '15.0(1)S',
  '15.0(1)MR',
  '15.0(1)M9',
  '15.0(1)M8',
  '15.0(1)M7',
  '15.0(1)M6a',
  '15.0(1)M6',
  '15.0(1)M5',
  '15.0(1)M4',
  '15.0(1)M3',
  '15.0(1)M2',
  '15.0(1)M10',
  '15.0(1)M1',
  '15.0(1)M',
  '15.0(1)EY2',
  '15.0(1)EY1',
  '15.0(1)EY',
  '15.0(1)EX',
  '12.4(24)YS9',
  '12.4(24)YS8a',
  '12.4(24)YS8',
  '12.4(24)YS7',
  '12.4(24)YS6',
  '12.4(24)YS5',
  '12.4(24)YS4',
  '12.4(24)YS3',
  '12.4(24)YS2',
  '12.4(24)YS10',
  '12.4(24)YS1',
  '12.4(24)YS',
  '12.4(24)YG4',
  '12.4(24)YG3',
  '12.4(24)YG2',
  '12.4(24)YG1',
  '12.4(24)YG',
  '12.4(24)T9',
  '12.4(24)T8',
  '12.4(24)T7',
  '12.4(24)T6',
  '12.4(24)T5',
  '12.4(24)T4o',
  '12.4(24)T4n',
  '12.4(24)T4m',
  '12.4(24)T4l',
  '12.4(24)T4k',
  '12.4(24)T4j',
  '12.4(24)T4i',
  '12.4(24)T4h',
  '12.4(24)T4g',
  '12.4(24)T4f',
  '12.4(24)T4e',
  '12.4(24)T4d',
  '12.4(24)T4c',
  '12.4(24)T4b',
  '12.4(24)T4a',
  '12.4(24)T4',
  '12.4(24)T3f',
  '12.4(24)T3e',
  '12.4(24)T3',
  '12.4(24)T2',
  '12.4(24)T12',
  '12.4(24)T11',
  '12.4(24)T10',
  '12.4(24)T1',
  '12.4(24)T',
  '12.4(24)MDB9',
  '12.4(24)MDB8',
  '12.4(24)MDB7',
  '12.4(24)MDB6',
  '12.4(24)MDB5a',
  '12.4(24)MDB5',
  '12.4(24)MDB4',
  '12.4(24)MDB3',
  '12.4(24)MDB19',
  '12.4(24)MDB18',
  '12.4(24)MDB17',
  '12.4(24)MDB16',
  '12.4(24)MDB15',
  '12.4(24)MDB14',
  '12.4(24)MDB13',
  '12.4(24)MDB12',
  '12.4(24)MDB11',
  '12.4(24)MDB10',
  '12.4(24)MDB1',
  '12.4(24)MDB',
  '12.4(24)MDA9',
  '12.4(24)MDA8',
  '12.4(24)MDA7',
  '12.4(24)MDA6',
  '12.4(24)MDA5',
  '12.4(24)MDA4',
  '12.4(24)MDA3',
  '12.4(24)MDA2',
  '12.4(24)MDA13',
  '12.4(24)MDA12',
  '12.4(24)MDA11',
  '12.4(24)MDA10',
  '12.4(24)MDA1',
  '12.4(24)MDA',
  '12.4(24)MD7',
  '12.4(24)MD6',
  '12.4(24)MD5',
  '12.4(24)MD4',
  '12.4(24)MD3',
  '12.4(24)MD2',
  '12.4(24)MD1',
  '12.4(24)MD',
  '12.4(22)XR9',
  '12.4(22)XR8',
  '12.4(22)XR7',
  '12.4(22)XR6',
  '12.4(22)XR5',
  '12.4(22)XR4',
  '12.4(22)XR3',
  '12.4(22)XR2',
  '12.4(22)XR12',
  '12.4(22)XR11',
  '12.4(22)XR10',
  '12.4(22)XR1',
  '12.4(22)T5',
  '12.4(22)T4',
  '12.4(22)T3',
  '12.4(22)T2',
  '12.4(22)T1',
  '12.4(22)T',
  '12.4(22)MDA6',
  '12.4(22)MDA5',
  '12.4(22)MDA4',
  '12.4(22)MDA3',
  '12.4(22)MDA2',
  '12.4(22)MDA1',
  '12.4(22)MDA',
  '12.4(22)MD2',
  '12.4(22)MD1',
  '12.4(22)MD',
  '12.4(20)T9',
  '12.4(20)T6',
  '12.4(20)T5a',
  '12.4(20)T5',
  '12.4(20)T4',
  '12.4(20)T3',
  '12.4(20)T2',
  '12.4(20)T1',
  '12.4(20)T',
  '12.4(20)MRB1',
  '12.4(20)MRB',
  '12.4(20)MR2',
  '12.4(20)MR1',
  '12.4(20)MR',
  '12.4(15)XZ2',
  '12.4(15)XZ1',
  '12.4(15)XZ',
  '12.2(60)EZ9',
  '12.2(60)EZ8',
  '12.2(60)EZ7',
  '12.2(60)EZ6',
  '12.2(60)EZ5',
  '12.2(60)EZ4',
  '12.2(60)EZ3',
  '12.2(60)EZ2',
  '12.2(60)EZ16',
  '12.2(60)EZ14',
  '12.2(60)EZ13',
  '12.2(60)EZ12',
  '12.2(60)EZ11',
  '12.2(60)EZ10',
  '12.2(60)EZ1',
  '12.2(60)EZ',
  '12.2(6)I1',
  '12.2(58)SE2',
  '12.2(58)SE1',
  '12.2(58)SE',
  '12.2(58)EZ',
  '12.2(58)EY2',
  '12.2(58)EY1',
  '12.2(58)EY',
  '12.2(58)EX',
  '12.2(55)SE9',
  '12.2(55)SE8',
  '12.2(55)SE7',
  '12.2(55)SE6',
  '12.2(55)SE5',
  '12.2(55)SE4',
  '12.2(55)SE3',
  '12.2(55)SE2',
  '12.2(55)SE13a',
  '12.2(55)SE13',
  '12.2(55)SE12',
  '12.2(55)SE11',
  '12.2(55)SE10',
  '12.2(55)SE1',
  '12.2(55)SE',
  '12.2(55)EZ',
  '12.2(55)EY',
  '12.2(55)EX3',
  '12.2(55)EX2',
  '12.2(55)EX1',
  '12.2(55)EX',
  '12.2(54)XO',
  '12.2(54)WO',
  '12.2(54)SG1',
  '12.2(54)SG',
  '12.2(54)SE',
  '12.2(53)SG9',
  '12.2(53)SG8',
  '12.2(53)SG7',
  '12.2(53)SG6',
  '12.2(53)SG5',
  '12.2(53)SG4',
  '12.2(53)SG3',
  '12.2(53)SG2',
  '12.2(53)SG11',
  '12.2(53)SG10',
  '12.2(53)SG1',
  '12.2(53)SE2',
  '12.2(53)SE1',
  '12.2(53)SE',
  '12.2(53)EZ',
  '12.2(53)EY',
  '12.2(53)EX',
  '12.2(52)XO',
  '12.2(52)SG',
  '12.2(52)SE1',
  '12.2(52)SE',
  '12.2(52)EY4',
  '12.2(52)EY3a',
  '12.2(52)EY3',
  '12.2(52)EY2a',
  '12.2(52)EY2',
  '12.2(52)EY1c',
  '12.2(52)EY1b',
  '12.2(52)EY1a',
  '12.2(52)EY1',
  '12.2(52)EY',
  '12.2(52)EX1',
  '12.2(52)EX',
  '12.2(50)SQ7',
  '12.2(50)SQ6',
  '12.2(50)SQ5',
  '12.2(50)SQ4',
  '12.2(50)SQ3',
  '12.2(50)SQ2',
  '12.2(50)SQ1',
  '12.2(50)SQ',
  '12.2(50)SG8',
  '12.2(50)SG7',
  '12.2(50)SG6',
  '12.2(50)SG5',
  '12.2(50)SG4',
  '12.2(50)SG3',
  '12.2(50)SG2',
  '12.2(50)SG1',
  '12.2(50)SG',
  '12.2(50)SE5',
  '12.2(50)SE4',
  '12.2(50)SE3',
  '12.2(50)SE2',
  '12.2(50)SE1',
  '12.2(50)SE',
  '12.2(46)SG1',
  '12.2(46)SG',
  '12.2(46)SE',
  '12.2(44)SQ2',
  '12.2(44)SQ',
  '12.2(44)SG1',
  '12.2(44)SG',
  '12.2(44)SE6',
  '12.2(44)SE5',
  '12.2(44)SE4',
  '12.2(44)SE3',
  '12.2(44)SE2',
  '12.2(44)SE1',
  '12.2(44)SE',
  '12.2(44)EY',
  '12.2(40)SE',
  '12.2(40)EX3',
  '12.2(40)EX2',
  '12.2(40)EX1',
  '12.2(40)EX',
  '12.2(33)ZI',
  '12.2(33)SXJ9',
  '12.2(33)SXJ8',
  '12.2(33)SXJ7',
  '12.2(33)SXJ6',
  '12.2(33)SXJ5',
  '12.2(33)SXJ4',
  '12.2(33)SXJ3',
  '12.2(33)SXJ2',
  '12.2(33)SXJ10',
  '12.2(33)SXJ1',
  '12.2(33)SXJ',
  '12.2(33)SXI9a',
  '12.2(33)SXI9',
  '12.2(33)SXI8a',
  '12.2(33)SXI8',
  '12.2(33)SXI7',
  '12.2(33)SXI6',
  '12.2(33)SXI5a',
  '12.2(33)SXI5',
  '12.2(33)SXI4a',
  '12.2(33)SXI4',
  '12.2(33)SXI3z',
  '12.2(33)SXI3a',
  '12.2(33)SXI3',
  '12.2(33)SXI2a',
  '12.2(33)SXI2',
  '12.2(33)SXI14',
  '12.2(33)SXI13',
  '12.2(33)SXI12',
  '12.2(33)SXI11',
  '12.2(33)SXI10',
  '12.2(33)SXI1',
  '12.2(33)SXI',
  '12.2(33)SRE9a',
  '12.2(33)SRE9',
  '12.2(33)SRE8',
  '12.2(33)SRE7a',
  '12.2(33)SRE7',
  '12.2(33)SRE6',
  '12.2(33)SRE5',
  '12.2(33)SRE4',
  '12.2(33)SRE3',
  '12.2(33)SRE2',
  '12.2(33)SRE15a',
  '12.2(33)SRE15',
  '12.2(33)SRE14',
  '12.2(33)SRE13',
  '12.2(33)SRE12',
  '12.2(33)SRE11',
  '12.2(33)SRE10',
  '12.2(33)SRE1',
  '12.2(33)SRE0a',
  '12.2(33)SRE'
);

reporting = make_array(
  'port'     , product_info['port'],
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvq05584'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_versions:version_list
);