Vulnerabilities > CVE-2015-1637 - Cryptographic Issues vulnerability in Microsoft products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
microsoft
CWE-310
nessus

Summary

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Msbulletin

bulletin_idMS15-031
bulletin_url
date2015-03-10T00:00:00
impactSecurity Feature Bypass
knowledgebase_id3046049
knowledgebase_url
severityImportant
titleVulnerability in Schannel Could Allow Security Feature Bypass

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS15-031.NASL
    descriptionThe remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic.
    last seen2020-06-01
    modified2020-06-02
    plugin id81745
    published2015-03-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81745
    titleMS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81745);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id("CVE-2015-1637");
      script_bugtraq_id(72965);
      script_xref(name:"CERT", value:"243585");
      script_xref(name:"MSFT", value:"MS15-031");
      script_xref(name:"MSKB", value:"3046049");
    
      script_name(english:"MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)");
      script_summary(english:"Checks the version of schannel.dll.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a security feature bypass
    vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is affected by a security feature bypass
    vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys),
    due to the support of weak EXPORT_RSA cipher suites with keys less
    than or equal to 512 bits. A man-in-the-middle attacker may be able to
    downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which
    can be factored in a short amount of time, allowing the attacker to
    intercept and decrypt the traffic.");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-031");
      script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released a set of patches for Windows 2003, Vista, 2008,
    7, 2008 R2, 8, 2012, 8.1, and 2012 R2.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1637");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS15-031';
    
    kb = "3046049";
    kbs = make_list(
      kb
    );
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    # The 2k3 checks could flag XP 64, which is unsupported
    productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
    if ("Windows XP" >< productname) audit(AUDIT_OS_SP_NOT_VULN);
    
    if (
      # Windows 8.1 / 2012 R2
      hotfix_is_vulnerable(os:"6.3", file:"schannel.dll", version:"6.3.9600.17702", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows 8 / 2012
      hotfix_is_vulnerable(os:"6.2", file:"schannel.dll", version:"6.2.9200.21410", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.2", file:"schannel.dll", version:"6.2.9200.17293", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows 7 / 2008 R2
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"schannel.dll", version:"6.1.7601.22983", min_version:"6.1.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"schannel.dll", version:"6.1.7601.18779", min_version:"6.1.7600.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Vista / 2008
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"schannel.dll", version:"6.0.6002.23640", min_version:"6.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"schannel.dll", version:"6.0.6002.19332", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows 2003
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"schannel.dll", version:"5.2.3790.5564", dir:"\system32", bulletin:bulletin, kb:kb)
    
    )
    {
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_warning();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    
  • NASL familyMisc.
    NASL idLEXMARK_PRINTER_TE701.NASL
    descriptionAccording to its firmware version, the remote Lexmark printer is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic.
    last seen2020-06-01
    modified2020-06-02
    plugin id86426
    published2015-10-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86426
    titleLexmark Printer config.html Administrator Authentication Bypass (FREAK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86426);
      script_version("1.3");
      script_cvs_date("Date: 2018/07/12 19:01:16");
    
      script_cve_id("CVE-2015-0204", "CVE-2015-1637");
      script_bugtraq_id(71936, 72965);
      script_xref(name:"CERT", value:"243585");
    
      script_name(english:"Lexmark Printer config.html Administrator Authentication Bypass (FREAK)");
      script_summary(english:"Checks the version of a Lexmark printer.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote printer is affected by a security bypass vulnerability
    known as FREAK.");
      script_set_attribute(attribute:"description", value:
    "According to its firmware version, the remote Lexmark printer is
    affected by a security feature bypass vulnerability, known as FREAK
    (Factoring attack on RSA-EXPORT Keys), due to the support of weak
    EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A
    man-in-the-middle attacker may be able to downgrade the SSL/TLS
    connection to use EXPORT_RSA cipher suites which can be factored in a
    short amount of time, allowing the attacker to intercept and decrypt
    the traffic.");
      # http://support.lexmark.com/index?modifiedDate=04%2F20%2F15&page=content&actp=LIST_RECENT&id=TE701&locale=EN&userlocale=EN_US
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?60f299d0");
      script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to a fixed release as referenced in the vendor advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/19");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cs31x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cs41x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cs51x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cx310");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cx410");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cx510");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xc2132");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms310");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms312");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms315");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms410");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms415");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms51x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms610dn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms610dtn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:m1145");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:m3150dn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms610de");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms610dte");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:m3150");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms71x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms810n");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms810dn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms810dtn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms811");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms812dn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms812dtn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:m5163dn");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms810de");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:m5155");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:m5163");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms812de");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:m5170");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:ms91x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx310");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx410");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx510");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx511");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xm1145");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx610");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx611");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xm3150");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx71x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx81x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xm51xx");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xm71xx");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx91x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:mx6500e");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c746");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c748");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cs748");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c79x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:cs796");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c925");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c95x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x548");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xs548");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x74x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xs748");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x792");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xs79x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x925");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xs925");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x95x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:xs95x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:6500e");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c734");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c736");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:e46x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:t650");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:t652");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:t654");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:t656");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:w85x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x46x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x65x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x73x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x86x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c54x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:e26x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:e36x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x26x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x36x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x54x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c52x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c53x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c77x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c78x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c92x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:c93x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:e45x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:t64x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:w84x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x642");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x644");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x646");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x64xef");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x77x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x78x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x85x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:x94x");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:n4000");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:n4050e");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:lexmark:n7xxe");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("lexmark_printer_detect.nasl");
      script_require_keys("www/lexmark_printer/model", "www/lexmark_printer/base_ver");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    report_model   = get_kb_item_or_exit("www/lexmark_printer/model");
    report_version = get_kb_item_or_exit("www/lexmark_printer/base_ver");
    
    use_model = tolower(report_model - 'Lexmark ');
    use_version = tolower(report_version);
    
    if (report_version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, "the remote Lexmark printer ("+report_model+")", 0);
    
    # tolower(model regex),
    # vuln regex
    model_and_vuln_vers = make_array(
      # CS31x with LW41.VYL.P486 or previous
      "^cs31[0-9]$",
      "^lw41\.vyl\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # CS41x with LW41.VY2.P486 or previous
      "^cs41[0-9]$",
      "^lw41\.vy2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # CS51x with LW41.VY4.P486 or previous
      "^cs51[0-9]$",
      "^lw41\.vy4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # CX310 with LW41.GM2.P486 or previous
      "^cx310$",
      "^lw41\.gm2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # CX410 with LW41.GM4.P486 or previous
      "^cx410$",
      "^lw41\.gm4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # CX510 with LW41.GM7.P486 or previous
      "^cx510$",
      "^lw41\.gm7\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # XC2132 with LW41.GM7.P486 or previous
      "^xc2132$",
      "^lw41\.gm7\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS310 with LW41.PRL.P486 or previous
      "^ms310$",
      "^lw41\.prl\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS312 with LW41.PRL.P486 or previous
      "^ms312$",
      "^lw41\.prl\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS315 with LW41.TL2.P486 or previous
      "^ms315$",
      "^lw41\.tl2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS410 with LW41.PRL.P486 or previous
      "^ms410$",
      "^lw41\.prl\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS415 with LW41.TL2.P486 or previous
      "^ms415$",
      "^lw41\.tl2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS51x with LW41.PR2.P486 or previous
      "^ms51[0-9]$",
      "^lw41\.pr2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS610dn with LW41.PR2.P486 or previous
      "^ms610dn$",
      "^lw41\.pr2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS610dtn with LW41.PR2.P486 or previous
      "^ms610dtn$",
      "^lw41\.pr2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # M1145 with LW41.PR2.P486 or previous
      "^m1145$",
      "^lw41\.pr2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # M3150dn with LW41.PR2.P486 or previous
      "^m3150dn$",
      "^lw41\.pr2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS610de with LW41.PR4.P486 or previous
      "^ms610de$",
      "^lw41\.pr4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS610dte with LW41.PR4.P486 or previous
      "^ms610dte$",
      "^lw41\.pr4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # M3150 with LW41.PR4.P486 or previous
      "^m3150$",
      "^lw41\.pr4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS71x with LW41.DN2.P486 or previous
      "^ms71[0-9]$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS810n with LW41.DN2.P486 or previous
      "^ms810n$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS810dn with LW41.DN2.P486 or previous
      "^ms810dn$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS810dtn with LW41.DN2.P486 or previous
      "^ms810dtn$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS811 with LW41.DN2.P486 or previous
      "^ms811$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS812dn with LW41.DN2.P486 or previous
      "^ms812dn$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS812dtn with LW41.DN2.P486 or previous
      "^ms812dtn$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # M5163dn with LW41.DN2.P486 or previous
      "^m5163dn$",
      "^lw41\.dn2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS810de with LW41.DN4.P486 or previous
      "^ms810de$",
      "^lw41\.dn4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # M5155 with LW41.DN4.P486 or previous
      "^m5155$",
      "^lw41\.dn4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # M5163 with LW41.DN4.P486 or previous
      "^m5163$",
      "^lw41\.dn4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS812de with LW41.DN7.P486 or previous
      "^ms812de$",
      "^lw41\.dn7\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # M5170 with LW41.DN7.P486 or previous
      "^m5170$",
      "^lw41\.dn7\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MS91x with LW41.SA.P486 or previous
      "^ms91[0-9]$",
      "^lw41\.sa\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX310 with LW41.SB2.P486 or previous
      "^mx310$",
      "^lw41\.sb2\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX410 with LW41.SB4.P486 or previous
      "^mx410$",
      "^lw41\.sb4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX510 with LW41.SB4.P486 or previous
      "^mx510$",
      "^lw41\.sb4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX511 with LW41.SB4.P486 or previous
      "^mx511$",
      "^lw41\.sb4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # XM1145 with LW41.SB4.P486 or previous
      "^xm1145$",
      "^lw41\.sb4\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX610 with LW41.SB7.P486 or previous
      "^mx610$",
      "^lw41\.sb7\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX611 with LW41.SB7.P486 or previous
      "^mx611$",
      "^lw41\.sb7\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # XM3150 with LW41.SB7.P486 or previous
      "^xm3150$",
      "^lw41\.sb7\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX71x with LW41.TU.P486 or previous
      "^mx71[0-9]$",
      "^lw41\.tu\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX81x with LW41.TU.P486 or previous
      "^mx81[0-9]$",
      "^lw41\.tu\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # XM51xx with LW41.TU.P486 or previous
      "^xm51[0-9][0-9]$",
      "^lw41\.tu\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # XM71xx with LW41.TU.P486 or previous
      "^xm71[0-9][0-9]$",
      "^lw41\.tu\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX91x with LW41.MG.P486 or previous
      "^mx91[0-9]$",
      "^lw41\.mg\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # MX6500e with LW41.JD.P486 or previous
      "^mx6500e$",
      "^lw41\.jd\.p([0-3][0-9][0-9]|4[0-7][0-9]|48[0-6])($|[^0-9])", 
      # C746 with LHS41.CM2.P476 or previous
      "^c746$",
      "^lhs41\.cm2\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # C748 with LHS41.CM4.P476 or previous
      "^c748$",
      "^lhs41\.cm4\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # CS748 with LHS41.CM4.P476 or previous
      "^cs748$",
      "^lhs41\.cm4\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # C79x with LHS41.HC.P476 or previous
      "^c79[0-9]$",
      "^lhs41\.hc\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # CS796 with LHS41.HC.P476 or previous
      "^cs796$",
      "^lhs41\.hc\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # C925 with LHS41.HV.P476 or previous
      "^c925$",
      "^lhs41\.hv\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # C95x with LHS41.TP.P476 or previous
      "^c95[0-9]$",
      "^lhs41\.tp\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # X548 with LHS41.VK.P476 or previous
      "^x548$",
      "^lhs41\.vk\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # XS548 with LHS41.VK.P476 or previous
      "^xs548$",
      "^lhs41\.vk\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # X74x with LHS41.NY.P476 or previous
      "^x74[0-9]$",
      "^lhs41\.ny\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # XS748 with LHS41.NY.P476 or previous
      "^xs748$",
      "^lhs41\.ny\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # X792 with LHS41.MR.P476 or previous
      "^x792$",
      "^lhs41\.mr\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # XS79x with LHS41.MR.P476 or previous
      "^xs79[0-9]$",
      "^lhs41\.mr\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # X925 with LHS41.HK.P476 or previous
      "^x925$",
      "^lhs41\.hk\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # XS925 with LHS41.HK.P476 or previous
      "^xs925$",
      "^lhs41\.hk\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # X95x with LHS41.TQ.P476 or previous
      "^x95[0-9]$",
      "^lhs41\.tq\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # XS95x with LHS41.TQ.P476 or previous
      "^xs95[0-9]$",
      "^lhs41\.tq\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # 6500e with LHS41.JR.P476 or previous
      "^6500e$",
      "^lhs41\.jr\.p([0-3][0-9][0-9]|4[0-6][0-9]|47[0-6])($|[^0-9])", 
      # C734 with LR.SK.P696 or previous
      "^c734$",
      "^lr\.sk\.p([0-5][0-9][0-9]|6[0-8][0-9]|69[0-6])($|[^0-9])", 
      # C736 with LR.SKE.P694 or previous
      "^c736$",
      "^lr\.ske\.p([0-5][0-9][0-9]|6[0-8][0-9]|69[0-4])($|[^0-9])", 
      # E46x with LR.LBH.P675 or previous
      "^e46[0-9]$",
      "^lr\.lbh\.p([0-5][0-9][0-9]|6[0-6][0-9]|67[0-5])($|[^0-9])", 
      # T650 with LR.JP.P684 or previous
      "^t650$",
      "^lr\.jp\.p([0-5][0-9][0-9]|6[0-7][0-9]|68[0-4])($|[^0-9])", 
      # T652 with LR.JP.P684 or previous
      "^t652$",
      "^lr\.jp\.p([0-5][0-9][0-9]|6[0-7][0-9]|68[0-4])($|[^0-9])", 
      # T654 with LR.JP.P684 or previous
      "^t654$",
      "^lr\.jp\.p([0-5][0-9][0-9]|6[0-7][0-9]|68[0-4])($|[^0-9])", 
      # T656 with LSJ.SJ.P044 or previous
      "^t656$",
      "^lsj\.sj\.p(0[0-3][0-9]|04[0-4])($|[^0-9])", 
      # W85x with LR.JB.P647 or previous
      "^w85[0-9]$",
      "^lr\.jb\.p([0-5][0-9][0-9]|6[0-3][0-9]|64[0-7])($|[^0-9])", 
      # X46x with LR.BS.P698 or previous
      "^x46[0-9]$",
      "^lr\.bs\.p([0-5][0-9][0-9]|6[0-8][0-9]|69[0-8])($|[^0-9])", 
      # X65x with LR.MN.P700 or previous
      "^x65[0-9]$",
      "^lr\.mn\.p([0-6][0-9][0-9]|700)($|[^0-9])", 
      # X73x with LR.FL.P698 or previous
      "^x73[0-9]$",
      "^lr\.fl\.p([0-5][0-9][0-9]|6[0-8][0-9]|69[0-8])($|[^0-9])", 
      # X86x with LP.SP.P700 or previous
      "^x86[0-9]$",
      "^lp\.sp\.p([0-6][0-9][0-9]|700)($|[^0-9])", 
      # C54x with LL.AS.P536 or previous
      "^c54[0-9]$",
      "^ll\.as\.p([0-4][0-9][0-9]|5[0-2][0-9]|53[0-6])($|[^0-9])", 
      # E26x with LL.LBL.P541 or previous
      "^e26[0-9]$",
      "^ll\.lbl\.p([0-4][0-9][0-9]|5[0-3][0-9]|54[0-1])($|[^0-9])", 
      # E36x with LL.LBM.P541 or previous
      "^e36[0-9]$",
      "^ll\.lbm\.p([0-4][0-9][0-9]|5[0-3][0-9]|54[0-1])($|[^0-9])", 
      # X26x with LL.BZ.P546 or previous
      "^x26[0-9]$",
      "^ll\.bz\.p([0-4][0-9][0-9]|5[0-3][0-9]|54[0-6])($|[^0-9])", 
      # X36x with LL.BZ.P546 or previous
      "^x36[0-9]$",
      "^ll\.bz\.p([0-4][0-9][0-9]|5[0-3][0-9]|54[0-6])($|[^0-9])", 
      # X54x with LL.EL.P546 or previous
      "^x54[0-9]$",
      "^ll\.el\.p([0-4][0-9][0-9]|5[0-3][0-9]|54[0-6])($|[^0-9])", 
      # C52x with LS.FA.P152 or previous
      "^c52[0-9]$",
      "^ls\.fa\.p(0[0-9][0-9]|1[0-4][0-9]|15[0-2])($|[^0-9])", 
      # C53x with LS.SW.P071 or previous
      "^c53[0-9]$",
      "^ls\.sw\.p(0[0-6][0-9]|07[0-1])($|[^0-9])", 
      # C77x with LC.CM.P503 or previous
      "^c77[0-9]$",
      "^lc\.cm\.p([0-4][0-9][0-9]|50[0-3])($|[^0-9])", 
      # C78x with LC.IO.P190 or previous
      "^c78[0-9]$",
      "^lc\.io\.p(0[0-9][0-9]|1[0-8][0-9]|190)($|[^0-9])", 
      # C92x with LS.TA.P154 or previous
      "^c92[0-9]$",
      "^ls\.ta\.p(1[0-4][0-9]|15[0-4])($|[^0-9])", 
      # C93x with LC.JO.P095 or previous
      "^c93[0-9]$",
      "^lc\.jo\.p(0[0-8][0-9]|09[0-5])($|[^0-9])", 
      # E45x with LM.SZ.P124 or previous
      "^e45[0-9]$",
      "^lm\.sz\.p(0[0-9][0-9]|1[0-1][0-9]|12[0-4])($|[^0-9])", 
      # T64x with LS.ST.P353 or previous
      "^t64[0-9]$",
      "^ls\.st\.p([0-2][0-9][0-9]|3[0-4][0-9]|35[0-3])($|[^0-9])", 
      # W84x with LS.HA.P254 or previous
      "^w84[0-9]$",
      "^ls\.ha\.p([0-1][0-9][0-9]|2[0-4][0-9]|25[0-4])($|[^0-9])", 
      # X642 with LC2.MB.P318 or previous
      "^x642$",
      "^lc2\.mb\.p([0-2][0-9][0-9]|3[0-1][0-9])($|[^0-9])", 
      # X644 with LC2.MC.P377 or previous
      "^x644$",
      "^lc2\.mc\.p([0-2][0-9][0-9]|3[0-6][0-9]|37[0-7])($|[^0-9])", 
      # X646 with LC2.MC.P377 or previous
      "^x646$",
      "^lc2\.mc\.p([0-2][0-9][0-9]|3[0-6][0-9]|37[0-7])($|[^0-9])", 
      # X64xef with LC2.TI.P329 or previous
      "^x64[0-9]ef$",
      "^lc2\.ti\.p([0-2][0-9][0-9]|3[0-1][0-9]|32[0-9])($|[^0-9])", 
      # X77x with LC2.TR.P291 or previous
      "^x77[0-9]$",
      "^lc2\.tr\.p([0-1][0-9][0-9]|2[0-8][0-9]|29[0-1])($|[^0-9])", 
      # X78x with LC2.TO.P339 or previous
      "^x78[0-9]$",
      "^lc2\.to\.p([0-2][0-9][0-9]|3[0-2][0-9]|33[0-9])($|[^0-9])", 
      # X85x with LC4.BE.P491 or previous
      "^x85[0-9]$",
      "^lc4\.be\.p([0-3][0-9][0-9]|4[0-8][0-9]|49[0-1])($|[^0-9])", 
      # X94x with LC.BR.P153 or previous
      "^x94[0-9]$",
      "^lc\.br\.p(0[0-9][0-9]|1[0-4][0-9]|15[0-3])($|[^0-9])", 
      # N4000 with LC.MD.P119 or previous
      "^n4000$",
      "^lc\.md\.p(0[0-9][0-9]|1[0-1][0-9])($|[^0-9])", 
      # N4050e with GO.GO.N206 or previous
      "^n4050e$",
      "^go\.go\.n([0-1][0-9][0-9]|20[0-6])($|[^0-9])", 
      # N7xxe with LC.CO.N309 or previous
      "^n7[0-9][0-9]e$",
      "^lc\.co\.n([0-2][0-9][0-9]|30[0-9])($|[^0-9])"
    );
    
    model_and_fix_vers = make_array(
      "^cs31[0-9]$", "LW41.VYL.P487", 
      "^cs41[0-9]$", "LW41.VY2.P487", 
      "^cs51[0-9]$", "LW41.VY4.P487", 
      "^cx310$", "LW41.GM2.P487", 
      "^cx410$", "LW41.GM4.P487", 
      "^cx510$", "LW41.GM7.P487", 
      "^xc2132$", "LW41.GM7.P487", 
      "^ms310$", "LW41.PRL.P487", 
      "^ms312$", "LW41.PRL.P487", 
      "^ms315$", "LW41.TL2.P487", 
      "^ms410$", "LW41.PRL.P487", 
      "^ms415$", "LW41.TL2.P487", 
      "^ms51[0-9]$", "LW41.PR2.P487", 
      "^ms610dn$", "LW41.PR2.P487", 
      "^ms610dtn$", "LW41.PR2.P487", 
      "^m1145$", "LW41.PR2.P487", 
      "^m3150dn$", "LW41.PR2.P487", 
      "^ms610de$", "LW41.PR4.P487", 
      "^ms610dte$", "LW41.PR4.P487", 
      "^m3150$", "LW41.PR4.P487", 
      "^ms71[0-9]$", "LW41.DN2.P487", 
      "^ms810n$", "LW41.DN2.P487", 
      "^ms810dn$", "LW41.DN2.P487", 
      "^ms810dtn$", "LW41.DN2.P487", 
      "^ms811$", "LW41.DN2.P487", 
      "^ms812dn$", "LW41.DN2.P487", 
      "^ms812dtn$", "LW41.DN2.P487", 
      "^m5163dn$", "LW41.DN2.P487", 
      "^ms810de$", "LW41.DN4.P487", 
      "^m5155$", "LW41.DN4.P487", 
      "^m5163$", "LW41.DN4.P487", 
      "^ms812de$", "LW41.DN7.P487", 
      "^m5170$", "LW41.DN7.P487", 
      "^ms91[0-9]$", "LW41.SA.P487", 
      "^mx310$", "LW41.SB2.P487", 
      "^mx410$", "LW41.SB4.P487", 
      "^mx510$", "LW41.SB4.P487", 
      "^mx511$", "LW41.SB4.P487", 
      "^xm1145$", "LW41.SB4.P487", 
      "^mx610$", "LW41.SB7.P487", 
      "^mx611$", "LW41.SB7.P487", 
      "^xm3150$", "LW41.SB7.P487", 
      "^mx71[0-9]$", "LW41.TU.P487", 
      "^mx81[0-9]$", "LW41.TU.P487", 
      "^xm51[0-9][0-9]$", "LW41.TU.P487", 
      "^xm71[0-9][0-9]$", "LW41.TU.P487", 
      "^mx91[0-9]$", "LW41.MG.487", 
      "^mx6500e$", "LW41.JD.487", 
      "^c746$", "LHS41.CM2.P477", 
      "^c748$", "LHS41.CM4.P477", 
      "^cs748$", "LHS41.CM4.P477", 
      "^c79[0-9]$", "LHS41.HC.P477", 
      "^cs796$", "LHS41.HC.P477", 
      "^c925$", "LHS41.HV.P477", 
      "^c95[0-9]$", "LHS41.TP.P477", 
      "^x548$", "LHS41.VK.P477", 
      "^xs548$", "LHS41.VK.P477", 
      "^x74[0-9]$", "LHS41.NY.P477", 
      "^xs748$", "LHS41.NY.P477", 
      "^x792$", "LHS41.MR.P477", 
      "^xs79[0-9]$", "LHS41.MR.P477", 
      "^x925$", "LHS41.HK.P477", 
      "^xs925$", "LHS41.HK.P477", 
      "^x95[0-9]$", "LHS41.TQ.P477", 
      "^xs95[0-9]$", "LHS41.TQ.P477", 
      "^6500e$", "LHS41.JR.P477", 
      "^c734$", "LR.SK.P697", 
      "^c736$", "LR.SKE.P695", 
      "^e46[0-9]$", "LR.LBH.P676", 
      "^t650$", "LR.JP.P685", 
      "^t652$", "LR.JP.P685", 
      "^t654$", "LR.JP.P685", 
      "^t656$", "LSJ.SJ.P045", 
      "^w85[0-9]$", "LR.JB.P648", 
      "^x46[0-9]$", "LR.BS.P699", 
      "^x65[0-9]$", "LR.MN.P701", 
      "^x73[0-9]$", "LR.FL.P699", 
      "^x86[0-9]$", "LP.SP.P701", 
      "^c54[0-9]$", "LL.AS.P537", 
      "^e26[0-9]$", "LL.LBL.P542", 
      "^e36[0-9]$", "LL.LBM.P542", 
      "^x26[0-9]$", "LL.BZ.P547", 
      "^x36[0-9]$", "LL.BZ.P547", 
      "^x54[0-9]$", "LL.EL.P547", 
      "^c52[0-9]$", "LS.FA.P153", 
      "^c53[0-9]$", "LS.SW.P072", 
      "^c77[0-9]$", "LC.CM.P054", 
      "^c78[0-9]$", "LC.IO.P190", 
      "^c92[0-9]$", "LS.TA.P155", 
      "^c93[0-9]$", "LC.JO.P096", 
      "^e45[0-9]$", "LM.SZ.P125", 
      "^t64[0-9]$", "LS.ST.P354", 
      "^w84[0-9]$", "LS.HA.P255", 
      "^x642$", "LC2.MB.P319", 
      "^x644$", "LC2.MC.P378", 
      "^x646$", "LC2.MC.P378", 
      "^x64[0-9]ef$", "LC2.TI.P330", 
      "^x77[0-9]$", "LC2.TR.P292", 
      "^x78[0-9]$", "LC2.TO.P340", 
      "^x85[0-9]$", "LC4.BE.P492", 
      "^x94[0-9]$", "LC.BR.P154", 
      "^n4000$", "Contact Lexmark", 
      "^n4050e$", "Contact Lexmark", 
      "^n7[0-9][0-9]e$", "Contact Lexmark"
    );
    
    vuln_regex = NULL;
    report_fix = FALSE;
    
    # See if detected model is in the affected list
    foreach model_regex (keys(model_and_vuln_vers))
    {
      if (use_model =~ model_regex)
      {
        vuln_regex = model_and_vuln_vers[model_regex];
    
        # Do the vercheck
        if (use_version =~ vuln_regex)
        {
          vuln = TRUE;
          report_fix = model_and_fix_vers[model_regex];
        }
        break;
      }
    }
    
    if (report_fix)
    {
      if (report_verbosity > 0)
      {
        report = '\n  Model             : ' + report_model +
                 '\n  Installed version : ' + report_version +
                 '\n  Fixed version     : ' + report_fix +
                 '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "The Lexmark printer ("+report_model+")", report_version);
    
  • NASL familyWindows
    NASL idSMB_KB3046015.NASL
    descriptionThe remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic.
    last seen2017-10-29
    modified2017-08-30
    plugin id81652
    published2015-03-05
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=81652
    titleMS KB3046015: Vulnerability in Schannel Could Allow Security Feature Bypass (FREAK)
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81652);
      script_version("1.9");
      script_cvs_date("Date: 2018/08/13 14:32:39");
    
      script_cve_id("CVE-2015-1637");
      script_bugtraq_id(72965);
      script_xref(name:"MSKB", value:"3046015");
    
      script_name(english:"MS KB3046015: Vulnerability in Schannel Could Allow Security Feature Bypass (FREAK)");
      script_summary(english:"The remote host supports a weak set of ciphers.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is affected by a security feature bypass
    vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys),
    due to the support of weak EXPORT_RSA cipher suites with keys less
    than or equal to 512 bits. A man-in-the-middle attacker may be able to
    downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which
    can be factored in a short amount of time, allowing the attacker to
    intercept and decrypt the traffic.");
      script_set_attribute(attribute:"see_also", value:"https://technet.microsoft.com/en-us/library/security/3046015");
      script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak");
    
      script_set_attribute(attribute:"solution", value:
    "Apply the recommended workarounds specified by Microsoft.");
    
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/05");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl");
      script_require_keys("SMB/Registry/Enumerated","SMB/WindowsVersion");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated; use smb_nt_ms15-031.nasl (plugin ID 81745) instead.");
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_reg_query.inc");
    include("byte_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    
    winver = get_kb_item_or_exit("SMB/WindowsVersion");
    report = "";
    
    # For Vista+ Checks
    rkey    = "SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\Functions";
    ciphers = make_list( # 'Bad' ciphers (in available but not in recommended)
      "TLS_RSA_WITH_AES_128_CBC_SHA",
      "TLS_RSA_WITH_AES_256_CBC_SHA",
      "TLS_RSA_WITH_RC4_128_SHA",
      "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521",
      "TLS_RSA_WITH_RC4_128_MD5",
      "SSL_CK_RC4_128_WITH_MD5",
      "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
      "TLS_RSA_WITH_NULL_SHA",
      "TLS_RSA_WITH_NULL_MD5",
      "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_RSA_WITH_AES_256_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521",
      "TLS_RSA_WITH_NULL_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521"
    );
    
    registry_init();
    hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
    if(winver < 6) # Check 2003
    {
    
        report = '\n  The version of windows on the remote system is vulnerable, however'+
                 '\n  there is no workaround for the issue at this time\n';
    }
    else # Vista+
    {
      rval = get_registry_value(handle:hklm, item:rkey);
      if(isnull(rval))
      {
        report = '\n'+
                 '  The workaround has not been applied; the key \n\n'+
                 '    - '+rkey+'\n\n' +
                 '  has not been set.\n';
      }
      else
      {
        # Check for bad ciphers
        foreach cipher (ciphers)
        {
          if(cipher >< rval)
            report += '    - '+cipher+'\n';
        }
        if(report!= "")
        {
          report = '\n'+
                   '  The following bad ciphers are enabled on the machine :\n\n'+
                   report+'\n';
        }
      }
    }
    RegCloseKey(handle:hklm);
    close_registry();
    
    # Workaround applied
    if(report == "")
      audit(AUDIT_HOST_NOT, 'affected');
    
    port = kb_smb_transport();
    if (report_verbosity > 0)
      security_warning(port:port, extra:report);
    else
      security_warning(port);
    

The Hacker News

idTHN:FE78A754DD5DBC51321A817B033C3492
last seen2018-01-27
modified2015-03-06
published2015-03-05
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2015/03/freak-openssl-vulnerability_5.html
titleMicrosoft: All Windows versions Vulnerable to FREAK Vulnerability