Vulnerabilities > CVE-2016-6415 - Information Exposure vulnerability in Cisco IOS XE

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cisco
CWE-200
nessus
exploit available
metasploit

Summary

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Vulnerable Configurations

Part Description Count
OS
Cisco
3551

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Exploit-Db

descriptionCisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory. CVE-2016-6415. Remote exploit for Hardware platform
idEDB-ID:43383
last seen2017-12-22
modified2017-03-17
published2017-03-17
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/43383/
titleCisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory

Metasploit

descriptionA vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
idMSF:AUXILIARY/SCANNER/IKE/CISCO_IKE_BENIGNCERTAIN
last seen2020-05-27
modified2017-07-24
published2016-09-30
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ike/cisco_ike_benigncertain.rb
titleCisco IKE Information Disclosure

Nessus

  • NASL familyCISCO
    NASL idCISCO_IKEV1_INFO_DISCLOSURE.NASL
    descriptionThe IKE service running on the remote Cisco IOS device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings. BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
    last seen2020-06-01
    modified2020-06-02
    plugin id96802
    published2017-01-26
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96802
    titleCisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN) (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96802);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    
      script_cve_id("CVE-2016-6415");
      script_bugtraq_id(93003);
      script_xref(name:"CISCO-BUG-ID", value:"CSCvb29204");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20160916-ikev1");
    
      script_name(english:"Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN) (uncredentialed check)");
      script_summary(english:"Checks IKEv1 Security Association negotiation response.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A remote device is affected by an information disclosure
    vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The IKE service running on the remote Cisco IOS device is affected by
    an information disclosure vulnerability, known as BENIGNCERTAIN, in
    the Internet Key Exchange version 1 (IKEv1) subsystem due to improper
    handling of IKEv1 security negotiation requests. An unauthenticated,
    remote attacker can exploit this issue, via a specially crafted IKEv1
    packet, to disclose memory contents, resulting in the disclosure of
    confidential information including credentials and configuration
    settings.
    
    BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and
    exploits disclosed on 2016/08/14 by a group known as the Shadow
    Brokers.");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b7f2c76c");
      # https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-shadows-of-the-nsas-equation-group/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c7e0cf3");
      script_set_attribute(attribute:"see_also", value:"https://blogs.cisco.com/security/shadow-brokers");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID
    CSCvb29204.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/26");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"exploited_by_nessus", value:"true");
      script_end_attributes();
    
      script_category(ACT_ATTACK);
      script_family(english:"CISCO");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ike2_detect.nasl");
      script_require_ports("Services/udp/ike", 500, 848);
      script_require_keys("udp/ikev1");
    
      exit(0);
    }
    
    include("compat_shared.inc");
    include('ike1.inc');
    
    port = branch(make_list(500, 848));
    
    soc = open_sock_udp(port);
    if (! soc) 
      audit(AUDIT_SOCK_FAIL, port, 'UDP');
    
    attr_enc = ike_attr(type: IKE1_ATTR_ENC, value:IKE1_ENC_CAST_CBC);
    attr_lifet = ike_attr(type:IKE1_ATTR_LIFE_TYPE, value:IKE1_LIFE_TYPE_SECS);
    attr_lifed = ike_attr(type:IKE1_ATTR_LIFE_DURATION, value:2147483);
    attr_hash = ike_attr(type: IKE1_ATTR_HASH, value:IKE1_HASH_SHA1);
    attr_group = ike_attr(type: IKE1_ATTR_GROUP_DESCR, value:IKE_GROUP_MODP_768);
    grp_prime = crap(data:'A', length: 1000);
    attr_grp_prime = ike_attr(type: IKE1_ATTR_GROUP_PRIME_POLY, value: grp_prime); 
    attr_auth = ike_attr(type: IKE1_ATTR_AUTH, value:IKE1_AUTH_PSK);
    
    attrs = 
      attr_enc + 
      attr_lifet +
      attr_lifed +
      attr_hash + 
      attr_group +
      attr_grp_prime + 
      attr_auth;
    
    xforms[0] = ike1_payload_xform(next:IKE1_PAYLOAD_NONE, num: 1, id: KEY_IKE, attrs: attrs);
    
    spi = rand_str(length:4); 
    proposal=  ike1_payload_prop(next: IKE1_PAYLOAD_NONE,
                                 num: 1,
                                 proto: PROTO_ISAKMP,
                                 spi: spi,
                                 xforms: xforms);
    
    sa = ike1_payload_sa(next: IKE1_PAYLOAD_NONE,
                         doi: DOI_IPSEC,
                         situation: SIT_IDENTITY,
                         proposals: proposal
                         );
    
    # SA is the only payload in the first exchange in Main Mode
    payloads = sa;
    
    #
    # Create a IKEv1 PDU
    #
    icookie = rand_str(length:8);
    rcookie = crap(data:'\x00', length:8);
    hdr = ike1_hdr( icookie: icookie,
                    rcookie: rcookie,
                    payload: IKE1_PAYLOAD_SA,
                    exch: IKE1_MAIN_MODE, 
                    flags: 0,
                    msgid: 0,
                    len:IKE_HDR_SIZE + strlen(payloads));
                     
    pdu = hdr + payloads;
    
    
    res = ike1_sendrecv(socket: soc, data:pdu);
    close(soc);
    if(isnull(res)) 
      exit(0, 'No response from UDP port '+port+' to an IKEv1 Security Association negotiation request.');
    
    # Parse the response
    ret = ike1_parse(res);
    if(isnull(ret))
      audit(code:1, AUDIT_RESP_BAD, port,'an IKEv1 Security Association negotiation request: invalid IKEv1 packet', 'UDP');
    
    hdr       = ret['hdr'];
    payloads  = ret['payloads'];
     
    if(isnull(hdr))       exit(1,'Failed to get IKEv1 header in the response.');
    if(isnull(payloads))  exit(1,'Failed to get any IKEv1 payload in the response.');
    
    # - We offered an unacceptable SA.
    # - Affected cisco devices should return a 
    #   Informational exchange with a Notification payload.
    if(hdr['exch'] != ISAKMP_EXCH_INFORMATIONAL)
      exit(0, 'The remote IKEv1 daemon does not return an Informational Exchange; it may not be affected.');
    
    # First payload should be a Notification payload
    if (hdr['np'] != IKE1_PAYLOAD_NOTIFY)
    {
      audit(code:1, AUDIT_RESP_BAD, port,'an SA negotiation: Notification payload not the first payload in an Informational Exchange.', 'UDP');
    }
    
    p = payloads[0];  
    pdata = p['raw_data'];   
    if(empty_or_null(pdata))
      audit(AUDIT_RESP_BAD, port,'an SA negotiation: No data in the Notification payload.', 'UDP');
     
    notify = ike1_parse_notify(pdata); 
    if(empty_or_null(notify))
      audit(AUDIT_FN_FAIL, 'ike1_parse_notify');
    
    # Notify Message Type should be NO-PROPOSAL-CHOSEN
    if(notify['type'] != IKN1_NO_PROPOSAL_CHOSEN)
    {
      audit(AUDIT_RESP_BAD, port,'an SA negotiation: Notification message type not NO-PROPOSAL-CHOSEN.', 'UDP');
    }
    
    ndata = notify['data'];
    
    # Not affected:
    #   - No data in the Notification payload or
    #   - The entire offered SA is returned in the Notification payload.
    if (! ndata         # seen in: libreswan 
        || ndata == sa  # seen in: Cisco ASA
      )
    {
      audit(AUDIT_HOST_NOT, 'affected'); 
    }
    # Patched:
    #   - Only the hdr, DOI and Situation fields of the offered 
    #     SA are returned.
    #   - The offered proposal is NOT returned.
    else if (ndata == substr(sa, 0, 11))
    {
      exit(0, 'The remote host is patched.'); 
    } 
    # Vulnerable:
    #   - Returned Proposal payload in the notification does not 
    #     match what we sent.
    #   - The data in the returned Proposal payload may come
    #     from some memory location. 
    else if ( strlen(ndata) > 12 &&
              substr(ndata, 0, 11) == substr(sa, 0, 11) &&
              substr(ndata, 12) != proposal 
            )
           
    {
      report = 'Memory content was returned in the following Notification payload : \n\n' + 
        hexdump(ddata:pdata);
    
      security_report_v4(
        port      : port, 
        proto     : 'udp',
        severity  : SECURITY_WARNING, 
        extra     : report
      );
    }
    # Unexpected
    else
    {
      audit(AUDIT_RESP_BAD, port,'an SA negotiation. Unexpected Notification payload:\n' + hexdump(ddata:pdata), 'UDP');
    }
    
  • NASL familyCISCO
    NASL idCISCO-SA-20160916-IKEV1-IOSXE.NASL
    descriptionAccording to its self-reported version and configuration, the Cisco IOS XE software running on the remote device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings. BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
    last seen2020-03-17
    modified2016-09-27
    plugin id93737
    published2016-09-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93737
    titleCisco IOS XE IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)
    code
    #TRUSTED 72b9fa1b9eefcb2034a049f913a6cdbe8aba78ce4b36a6520e525426a113b681873aac883dd413f5ab10618375939366780a66346c0e98cb2c81900ccedb9c65314672b5e8a3c87b522da4b3a4508e7dc6b404747185059c8afa95875999bcd2cd0cc48f43db85d9c48fd9d74cd928c06791f4bff269b39a4e87050cadb726be2b5b6046de1531a9eccd90cb66703b6a137dbe973ccc7a772b8a8e52cfb1a569f0d199da23e617b0a0116cb5d861c2ad80564ec357a08912cf856befe13858eb1bc05d2173d03a70d631d6afd405dae3be3131c3e129ca195efc08854661c46a73950aa4abed9e8ea6dbe085e394a640df7098e671ff0ebccab2b20992e1ddf2a007da46c780df34b3885c59e138c9cb794a2be07654323aa385c9807c1242a6d26731ce47a059f77b20def1673515a634afc6b4450ba70dffa9f2a0b59d91bfe834a8be6bd29537ae8df487be16d62c24278ae7accb2a2432d30a36e3d519fd02743cbda47a8864a601759aadc80835ac764b72dc5a5886f5a77995c57d274e315ceee545eb04f40f088b29df5ce032193b390ed12d79471516d4c9ffdf80d7c366acd7a92547fa41106f68eed609537c77832f8d2d4e5de7fe8b69ebe9a35aba22a2f2caa6709e7af9529f9a862b5fd5115f3f0c24dbb41604aca6451fd17ef9625f6db5ac2680a41e3666e272fb5d8622e6f309bca32ed56af3bb0e955dd3
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93737);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/04/11");
    
      script_cve_id("CVE-2016-6415");
      script_bugtraq_id(93003);
      script_xref(name:"CISCO-BUG-ID", value:"CSCvb29204");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20160916-ikev1");
    
      script_name(english:"Cisco IOS XE IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)");
      script_summary(english:"Checks the IOS XE version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version and configuration, the Cisco
    IOS XE software running on the remote device is affected by an
    information disclosure vulnerability, known as BENIGNCERTAIN, in the
    Internet Key Exchange version 1 (IKEv1) subsystem due to improper
    handling of IKEv1 security negotiation requests. An unauthenticated,
    remote attacker can exploit this issue, via a specially crafted IKEv1
    packet, to disclose memory contents, resulting in the disclosure of
    confidential information including credentials and configuration
    settings.
    
    BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and
    exploits disclosed on 2016/08/14 by a group known as the Shadow
    Brokers.");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b7f2c76c");
      # https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-shadows-of-the-nsas-equation-group/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c7e0cf3");
      script_set_attribute(attribute:"see_also", value:"https://blogs.cisco.com/security/shadow-brokers");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID
    CSCvb29204.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CISCO");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("cisco_ios_xe_version.nasl");
      script_require_keys("Host/Cisco/IOS-XE/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("cisco_func.inc");
    include("cisco_kb_cmd_func.inc");
    
    ver = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version");
    
    flag = 0;
    override = 0;
    
    # Check for vuln version
    if ( ver == "3.1.0S" ) flag++;
    else if ( ver == "3.1.1S" ) flag++;
    else if ( ver == "3.1.2S" ) flag++;
    else if ( ver == "3.1.3aS" ) flag++;
    else if ( ver == "3.1.4aS" ) flag++;
    else if ( ver == "3.1.4S" ) flag++;
    else if ( ver == "3.2.1S" ) flag++;
    else if ( ver == "3.2.2S" ) flag++;
    else if ( ver == "3.3.0S" ) flag++;
    else if ( ver == "3.3.0SG" ) flag++;
    else if ( ver == "3.3.1S" ) flag++;
    else if ( ver == "3.3.1SG" ) flag++;
    else if ( ver == "3.3.2S" ) flag++;
    else if ( ver == "3.3.2SG" ) flag++;
    else if ( ver == "3.4.0aS" ) flag++;
    else if ( ver == "3.4.0S" ) flag++;
    else if ( ver == "3.4.0SG" ) flag++;
    else if ( ver == "3.4.1S" ) flag++;
    else if ( ver == "3.4.1SG" ) flag++;
    else if ( ver == "3.4.2S" ) flag++;
    else if ( ver == "3.4.2SG" ) flag++;
    else if ( ver == "3.4.3S" ) flag++;
    else if ( ver == "3.4.3SG" ) flag++;
    else if ( ver == "3.4.4S" ) flag++;
    else if ( ver == "3.4.4SG" ) flag++;
    else if ( ver == "3.4.5S" ) flag++;
    else if ( ver == "3.4.5SG" ) flag++;
    else if ( ver == "3.4.6S" ) flag++;
    else if ( ver == "3.4.6SG" ) flag++;
    else if ( ver == "3.4.7SG" ) flag++;
    else if ( ver == "3.5.0E" ) flag++;
    else if ( ver == "3.5.0S" ) flag++;
    else if ( ver == "3.5.1E" ) flag++;
    else if ( ver == "3.5.1S" ) flag++;
    else if ( ver == "3.5.2E" ) flag++;
    else if ( ver == "3.5.2S" ) flag++;
    else if ( ver == "3.5.3E" ) flag++;
    else if ( ver == "3.6.0E" ) flag++;
    else if ( ver == "3.6.0S" ) flag++;
    else if ( ver == "3.6.1E" ) flag++;
    else if ( ver == "3.6.1S" ) flag++;
    else if ( ver == "3.6.2aE" ) flag++;
    else if ( ver == "3.6.2E" ) flag++;
    else if ( ver == "3.6.2S" ) flag++;
    else if ( ver == "3.6.4E" ) flag++;
    else if ( ver == "3.6.5E" ) flag++;
    else if ( ver == "3.7.0E" ) flag++;
    else if ( ver == "3.7.0S" ) flag++;
    else if ( ver == "3.7.1E" ) flag++;
    else if ( ver == "3.7.1S" ) flag++;
    else if ( ver == "3.7.2E" ) flag++;
    else if ( ver == "3.7.2S" ) flag++;
    else if ( ver == "3.7.2tS" ) flag++;
    else if ( ver == "3.7.3E" ) flag++;
    else if ( ver == "3.7.3S" ) flag++;
    else if ( ver == "3.7.4aS" ) flag++;
    else if ( ver == "3.7.4S" ) flag++;
    else if ( ver == "3.7.5E" ) flag++;
    else if ( ver == "3.7.5S" ) flag++;
    else if ( ver == "3.7.6S" ) flag++;
    else if ( ver == "3.7.7S" ) flag++;
    else if ( ver == "3.8.0E" ) flag++;
    else if ( ver == "3.8.0S" ) flag++;
    else if ( ver == "3.8.1E" ) flag++;
    else if ( ver == "3.8.1S" ) flag++;
    else if ( ver == "3.8.2E" ) flag++;
    else if ( ver == "3.8.2S" ) flag++;
    else if ( ver == "3.9.0aS" ) flag++;
    else if ( ver == "3.9.0E" ) flag++;
    else if ( ver == "3.9.0S" ) flag++;
    else if ( ver == "3.9.1aS" ) flag++;
    else if ( ver == "3.9.1S" ) flag++;
    else if ( ver == "3.9.2S" ) flag++;
    else if ( ver == "3.10.0S" ) flag++;
    else if ( ver == "3.10.1S" ) flag++;
    else if ( ver == "3.10.1xbS" ) flag++;
    else if ( ver == "3.10.2S" ) flag++;
    else if ( ver == "3.10.2tS" ) flag++;
    else if ( ver == "3.10.3S" ) flag++;
    else if ( ver == "3.10.4S" ) flag++;
    else if ( ver == "3.10.5S" ) flag++;
    else if ( ver == "3.10.6S" ) flag++;
    else if ( ver == "3.10.7S" ) flag++;
    else if ( ver == "3.11.0S" ) flag++;
    else if ( ver == "3.11.1S" ) flag++;
    else if ( ver == "3.11.2S" ) flag++;
    else if ( ver == "3.11.3S" ) flag++;
    else if ( ver == "3.11.4S" ) flag++;
    else if ( ver == "3.12.0aS" ) flag++;
    else if ( ver == "3.12.0S" ) flag++;
    else if ( ver == "3.12.1S" ) flag++;
    else if ( ver == "3.12.2S" ) flag++;
    else if ( ver == "3.12.3S" ) flag++;
    else if ( ver == "3.12.4S" ) flag++;
    else if ( ver == "3.13.0aS" ) flag++;
    else if ( ver == "3.13.0S" ) flag++;
    else if ( ver == "3.13.1S" ) flag++;
    else if ( ver == "3.13.2aS" ) flag++;
    else if ( ver == "3.13.2S" ) flag++;
    else if ( ver == "3.13.3S" ) flag++;
    else if ( ver == "3.13.4S" ) flag++;
    else if ( ver == "3.13.5aS" ) flag++;
    else if ( ver == "3.13.5S" ) flag++;
    else if ( ver == "3.13.6aS" ) flag++;
    else if ( ver == "3.13.6S" ) flag++;
    else if ( ver == "3.14.0S" ) flag++;
    else if ( ver == "3.14.1S" ) flag++;
    else if ( ver == "3.14.2S" ) flag++;
    else if ( ver == "3.14.3S" ) flag++;
    else if ( ver == "3.14.4S" ) flag++;
    else if ( ver == "3.15.0S" ) flag++;
    else if ( ver == "3.15.1cS" ) flag++;
    else if ( ver == "3.15.1S" ) flag++;
    else if ( ver == "3.15.2S" ) flag++;
    else if ( ver == "3.15.3S" ) flag++;
    else if ( ver == "3.16.0cS" ) flag++;
    else if ( ver == "3.16.0S" ) flag++;
    else if ( ver == "3.16.1aS" ) flag++;
    else if ( ver == "3.16.1S" ) flag++;
    else if ( ver == "3.16.2aS" ) flag++;
    else if ( ver == "3.16.2S" ) flag++;
    else if ( ver == "3.17.0S" ) flag++;
    else if ( ver == "3.17.1S" ) flag++;
    else if ( ver == "3.17.2S" ) flag++;
    else if ( ver == "3.18.0S" ) flag++;
    else if ( ver == "3.18.1S" ) flag++;
    else if ( ver == "3.18.2S" ) flag++;
    
    # Check that IKEv1 config or IKEv1 is running
    cmd_list = make_list();
    if (flag && get_kb_item("Host/local_checks_enabled"))
    {
      flag = 0;
    
      # Check for condition 1, IKEv1 config
      buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config","show running-config");
      if (check_cisco_result(buf))
      {
        if (
          "crypto gdoi" >< buf
          ||
          "crypto map" >< buf
          ||
          "tunnel protection ipsec" >< buf
        )
        {
          flag = 1;
          cmd_list = make_list("show running-config");
        }
      }
      else if (cisco_needs_enable(buf))
      {
        flag = 1;
        override = 1;
      }
    
      # Check for condition 2, IKEv1 is running
      if (flag)
      {
        flag = 0;
    
        pat = "(\d+.\d+.\d+.\d+|.*:.*|UNKNOWN|--any--)\s+(500|848|4500|4848)\s";
        buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_sockets","show ip sockets");
        if (!flag)
        {
          if (check_cisco_result(buf))
          {
            if (
              preg(multiline:TRUE, pattern:pat, string:buf)
            )
            {
              flag = 1;
              cmd_list = make_list(cmd_list, "show ip sockets");
            }
          }
          else if (cisco_needs_enable(buf))
          {
            flag = 1;
            override = 1;
          }
        }
    
        if (!flag)
        {
          buf = cisco_command_kb_item("Host/Cisco/Config/show_udp","show udp");
          if (check_cisco_result(buf))
          {
            if (
              preg(multiline:TRUE, pattern:pat, string:buf)
            )
            {
              flag = 1;
              cmd_list = make_list(cmd_list, "show udp");
            }
          }
          else if (cisco_needs_enable(buf))
          {
            flag = 1;
            override = 1;
          }
        }
      }
    }
    
    if (flag)
    {
      security_report_cisco(
        port     : 0,
        severity : SECURITY_WARNING,
        override : override,
        version  : ver,
        bug_id   : 'CSCvb29204',
        cmds     : cmd_list
      );
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCISCO
    NASL idCISCO-SA-20160916-IKEV1-IOSXR.NASL
    descriptionAccording to its self-reported version and configuration, the Cisco IOS XR software running on the remote device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings. BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
    last seen2020-03-17
    modified2016-09-27
    plugin id93738
    published2016-09-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93738
    titleCisco IOS XR IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)
    code
    #TRUSTED 3ae37a95b72bc2c7b2b66eda00eb506af8d3219ab4bd85afca8cb4d66320f741f7e91207f14a7d9df12c11ddec834a28a1a592e60568477b0791644f7c306fbc52fb2cf0efc23e5fe189e9bee93a953b3521c6c56a2f11bbcfaae7248f4733cb28a0aba50a803949bfc1c79d4b01877b712b415a727e397a9e969593288250265c413dcdfd0d956af36bc8815134a4bb0d175078a7eb61d12b54f7e2a98b3e1fd804a29f7850da03f8a899b4cbb38f1ef3be3d9be9ca706d5f08db4c2412b8ff9535f6bbf2689b89e2d02be5e3254651398954d8a381c6da27b75d7ff29985d0af896cb39e67c51d55d676f106c73ebe4ba07c5890e31447aa4c9a9f7eeaee7d430442ff0752626e4a67433691f33f3d341f786deeaf4c6fa720ba426fcd20989c9d8da7fad188357981956f4903a56f79cdedf291659b5b05d5929957c29d22be7a1995ab68ce89fd320e44dc7360416376697c1031ac3fa21e92f5d2eff7296d8ce99a87462efaef97de439078419085d97bb79b8d757fee7fe55a49a32cb8c2199078485d68cdabe2935e5943104ff5010a858c8fd850018c610451d2d3209f88e5e5dea0744a8690024c6744968bb00c8900e83f01d1ac5fb093fe1a1a13b003eadf783cb63ea9c71a0d1500fd5b91123119838466d3ba87684c98b0ceab79d6588d8d1cc6da36af696115fac898979d2a85d0b86629777282708b8276f1
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93738);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/04/11");
    
      script_cve_id("CVE-2016-6415");
      script_bugtraq_id(93003);
      script_xref(name:"CISCO-BUG-ID", value:"CSCvb29204");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20160916-ikev1");
    
      script_name(english:"Cisco IOS XR IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)");
      script_summary(english:"Checks the IOS XR version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version and configuration, the Cisco
    IOS XR software running on the remote device is affected by an
    information disclosure vulnerability, known as BENIGNCERTAIN, in the
    Internet Key Exchange version 1 (IKEv1) subsystem due to improper
    handling of IKEv1 security negotiation requests. An unauthenticated,
    remote attacker can exploit this issue, via a specially crafted IKEv1
    packet, to disclose memory contents, resulting in the disclosure of
    confidential information including credentials and configuration
    settings.
    
    BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and
    exploits disclosed on 2016/08/14 by a group known as the Shadow
    Brokers.");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b7f2c76c");
      # https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-shadows-of-the-nsas-equation-group/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c7e0cf3");
      script_set_attribute(attribute:"see_also", value:"https://blogs.cisco.com/security/shadow-brokers");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID
    CSCvb29204.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CISCO");
    
      script_dependencies("cisco_ios_xr_version.nasl");
      script_require_keys("Host/Cisco/IOS-XR/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("cisco_func.inc");
    include("cisco_kb_cmd_func.inc");
    
    version  = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");
    
    flag     = FALSE;
    override = FALSE;
    
    if (
      version =~ "^4\.3\."
      ||
      version =~ "^5\.0\."
      ||
      version =~ "^5\.1\."
      ||
      version =~ "^5\.2\."
    )
      flag = TRUE;
    
    # Check that IKEv1 config or IKEv1 is running
    cmd_list = make_list();
    if (flag && get_kb_item("Host/local_checks_enabled"))
    {
      flag = 0;
    
      # Check for condition 1, IKEv1 config
      buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config","show running-config");
      if (check_cisco_result(buf))
      {
        if (
          "crypto gdoi" >< buf
          ||
          "crypto map" >< buf
          ||
          "tunnel protection ipsec" >< buf
        )
        {
          flag = 1;
          cmd_list = make_list("show running-config");
        }
      }
      else if (cisco_needs_enable(buf))
      {
        flag = 1;
        override = 1;
      }
    
      # Check for condition 2, IKEv1 is running
      if (flag)
      {
        flag = 0;
    
        pat = "(\d+.\d+.\d+.\d+|.*:.*|UNKNOWN|--any--)\s+(500|848|4500|4848)\s";
        buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_sockets","show ip sockets");
        if (!flag)
        {
          if (check_cisco_result(buf))
          {
            if (
              preg(multiline:TRUE, pattern:pat, string:buf)
            )
            {
              cmd_list = make_list(cmd_list, "show ip sockets");
              flag = 1;
            }
          }
          else if (cisco_needs_enable(buf))
          {
            flag = 1;
            override = 1;
          }
        }
    
        if (!flag)
        {
          buf = cisco_command_kb_item("Host/Cisco/Config/show_udp","show udp");
          if (check_cisco_result(buf))
          {
            if (
              preg(multiline:TRUE, pattern:pat, string:buf)
            )
            {
              flag = 1;
              cmd_list = make_list(cmd_list, "show udp");
            }
          }
          else if (cisco_needs_enable(buf))
          {
            flag = 1;
            override = 1;
          }
        }
      }
    }
    
    if (flag)
    {
      security_report_cisco(
        port     : 0,
        severity : SECURITY_WARNING,
        override : override,
        version  : version,
        bug_id   : "CSCvb29204",
        cmds     : cmd_list
      );
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCISCO
    NASL idCISCO-SA-20160916-IKEV1-IOS.NASL
    descriptionAccording to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by an information disclosure vulnerability, known as BENIGNCERTAIN, in the Internet Key Exchange version 1 (IKEv1) subsystem due to improper handling of IKEv1 security negotiation requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted IKEv1 packet, to disclose memory contents, resulting in the disclosure of confidential information including credentials and configuration settings. BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2016/08/14 by a group known as the Shadow Brokers.
    last seen2020-03-17
    modified2016-09-27
    plugin id93736
    published2016-09-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93736
    titleCisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)
    code
    #TRUSTED 1b6e49d838709096ba7b5c16e0feedf8198269e637fcd85a0bfd25607e4265d39571866be15c2b2441a83024eb3ac0a35feb76fa6a12539cd5a5f9207c026773c5cec844240c67577c315c5bab64de8f11f073b4ab050b05a2ad67e6c6dd302dc439bf24ad3941d1ddb7d6912df37cb082f2b25357fec672cde25197a80d35c85726c6696de1e2cc772b440efc6f856a0f83ed7defaf006246d99a3fb2ccbd36e3c0db562c22344938c43abb7c542adcf645f5e2ec1690c59fabb12fcd12eee9beac0f21e3458ce40e498beceba2f7885a912f628084ed0a28b37ed8045ed0126e5db66de38a7de90904fe50dc6d9a356f54ee199f04c77edf369efcbb3a026c83d5590bf3a14fbe8e1b85a7926f6bcd733a40da783493931e454b9b685cdfc8075bc9de9c5d8f37d4d91281dca512eb7e8dfd10d5c1d3e21e66e53ebeb9a43f443f267f0d596bb0ce71afb0eaab06cd8896ad43ded5e806fef2a02b8845c443530f40f5410704deeb0615c90f64e547405e918f118dc157d357db5f66a55864d036f18acb20a252ebeb5d68cfa1613c842652bdb97976cf114127591460397bc3c6030d7f07aca612e9f2c5c81fb0bd1ca2af169e277a8c7b7b7893f02396b78c2174f6524bf41dfdbd7788791c75ea547e9d314c18cf50ac98affc13dd1b79966288cffcf40ca7a5e8d84151d09bbb41a7822b1fb28f0f572cc17b28269769
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93736);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/04/11");
    
      script_cve_id("CVE-2016-6415");
      script_bugtraq_id(93003);
      script_xref(name:"CISCO-BUG-ID", value:"CSCvb29204");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20160916-ikev1");
    
      script_name(english:"Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERTAIN)");
      script_summary(english:"Checks the IOS version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version and configuration, the Cisco
    IOS software running on the remote device is affected by an
    information disclosure vulnerability, known as BENIGNCERTAIN, in the
    Internet Key Exchange version 1 (IKEv1) subsystem due to improper
    handling of IKEv1 security negotiation requests. An unauthenticated,
    remote attacker can exploit this issue, via a specially crafted IKEv1
    packet, to disclose memory contents, resulting in the disclosure of
    confidential information including credentials and configuration
    settings.
    
    BENIGNCERTAIN is one of multiple Equation Group vulnerabilities and
    exploits disclosed on 2016/08/14 by a group known as the Shadow
    Brokers.");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b7f2c76c");
      # https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-shadows-of-the-nsas-equation-group/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c7e0cf3");
      script_set_attribute(attribute:"see_also", value:"https://blogs.cisco.com/security/shadow-brokers");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID
    CSCvb29204.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/27");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CISCO");
    
      script_dependencies("cisco_ios_version.nasl");
      script_require_keys("Host/Cisco/IOS/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("cisco_func.inc");
    include("cisco_kb_cmd_func.inc");
    
    flag = 0;
    override = 0;
    
    ver = get_kb_item_or_exit("Host/Cisco/IOS/Version");
    
    # Check for vuln version
    if ( ver == "12.2(18)IXA" ) flag++;
    else if ( ver == "12.2(18)IXB" ) flag++;
    else if ( ver == "12.2(18)IXB1" ) flag++;
    else if ( ver == "12.2(18)IXB2" ) flag++;
    else if ( ver == "12.2(18)IXC" ) flag++;
    else if ( ver == "12.2(18)IXD" ) flag++;
    else if ( ver == "12.2(18)IXD1" ) flag++;
    else if ( ver == "12.2(18)IXE" ) flag++;
    else if ( ver == "12.2(18)IXF" ) flag++;
    else if ( ver == "12.2(18)IXF1" ) flag++;
    else if ( ver == "12.2(18)IXG" ) flag++;
    else if ( ver == "12.2(18)IXH" ) flag++;
    else if ( ver == "12.2(18)IXH1" ) flag++;
    else if ( ver == "12.2(18)SXD" ) flag++;
    else if ( ver == "12.2(18)SXD1" ) flag++;
    else if ( ver == "12.2(18)SXD2" ) flag++;
    else if ( ver == "12.2(18)SXD3" ) flag++;
    else if ( ver == "12.2(18)SXD4" ) flag++;
    else if ( ver == "12.2(18)SXD5" ) flag++;
    else if ( ver == "12.2(18)SXD6" ) flag++;
    else if ( ver == "12.2(18)SXD7" ) flag++;
    else if ( ver == "12.2(18)SXD7a" ) flag++;
    else if ( ver == "12.2(18)SXD7b" ) flag++;
    else if ( ver == "12.2(18)SXE" ) flag++;
    else if ( ver == "12.2(18)SXE1" ) flag++;
    else if ( ver == "12.2(18)SXE2" ) flag++;
    else if ( ver == "12.2(18)SXE3" ) flag++;
    else if ( ver == "12.2(18)SXE4" ) flag++;
    else if ( ver == "12.2(18)SXE5" ) flag++;
    else if ( ver == "12.2(18)SXE6" ) flag++;
    else if ( ver == "12.2(18)SXE6a" ) flag++;
    else if ( ver == "12.2(18)SXE6b" ) flag++;
    else if ( ver == "12.2(18)SXF" ) flag++;
    else if ( ver == "12.2(18)SXF1" ) flag++;
    else if ( ver == "12.2(18)SXF10" ) flag++;
    else if ( ver == "12.2(18)SXF10a" ) flag++;
    else if ( ver == "12.2(18)SXF11" ) flag++;
    else if ( ver == "12.2(18)SXF12" ) flag++;
    else if ( ver == "12.2(18)SXF12a" ) flag++;
    else if ( ver == "12.2(18)SXF13" ) flag++;
    else if ( ver == "12.2(18)SXF13a" ) flag++;
    else if ( ver == "12.2(18)SXF13b" ) flag++;
    else if ( ver == "12.2(18)SXF14" ) flag++;
    else if ( ver == "12.2(18)SXF15" ) flag++;
    else if ( ver == "12.2(18)SXF15a" ) flag++;
    else if ( ver == "12.2(18)SXF16" ) flag++;
    else if ( ver == "12.2(18)SXF17" ) flag++;
    else if ( ver == "12.2(18)SXF17a" ) flag++;
    else if ( ver == "12.2(18)SXF17b" ) flag++;
    else if ( ver == "12.2(18)SXF2" ) flag++;
    else if ( ver == "12.2(18)SXF3" ) flag++;
    else if ( ver == "12.2(18)SXF4" ) flag++;
    else if ( ver == "12.2(18)SXF5" ) flag++;
    else if ( ver == "12.2(18)SXF6" ) flag++;
    else if ( ver == "12.2(18)SXF7" ) flag++;
    else if ( ver == "12.2(18)SXF8" ) flag++;
    else if ( ver == "12.2(18)SXF9" ) flag++;
    else if ( ver == "12.2(18)ZU" ) flag++;
    else if ( ver == "12.2(18)ZU1" ) flag++;
    else if ( ver == "12.2(18)ZU2" ) flag++;
    else if ( ver == "12.2(18)ZY" ) flag++;
    else if ( ver == "12.2(18)ZY1" ) flag++;
    else if ( ver == "12.2(18)ZY2" ) flag++;
    else if ( ver == "12.2(18)ZYA" ) flag++;
    else if ( ver == "12.2(18)ZYA1" ) flag++;
    else if ( ver == "12.2(18)ZYA2" ) flag++;
    else if ( ver == "12.2(18)ZYA3" ) flag++;
    else if ( ver == "12.2(18)ZYA3a" ) flag++;
    else if ( ver == "12.2(18)ZYA3b" ) flag++;
    else if ( ver == "12.2(18)ZYA3c" ) flag++;
    else if ( ver == "12.2(33)CX" ) flag++;
    else if ( ver == "12.2(33)CY" ) flag++;
    else if ( ver == "12.2(33)CY1" ) flag++;
    else if ( ver == "12.2(33)IRA" ) flag++;
    else if ( ver == "12.2(33)IRB" ) flag++;
    else if ( ver == "12.2(33)IRC" ) flag++;
    else if ( ver == "12.2(33)IRD" ) flag++;
    else if ( ver == "12.2(33)IRE" ) flag++;
    else if ( ver == "12.2(33)IRE1" ) flag++;
    else if ( ver == "12.2(33)IRE2" ) flag++;
    else if ( ver == "12.2(33)IRF" ) flag++;
    else if ( ver == "12.2(33)IRG" ) flag++;
    else if ( ver == "12.2(33)IRG1" ) flag++;
    else if ( ver == "12.2(33)IRH" ) flag++;
    else if ( ver == "12.2(33)IRH1" ) flag++;
    else if ( ver == "12.2(33)IRI" ) flag++;
    else if ( ver == "12.2(33)MRA" ) flag++;
    else if ( ver == "12.2(33)MRB" ) flag++;
    else if ( ver == "12.2(33)MRB1" ) flag++;
    else if ( ver == "12.2(33)MRB2" ) flag++;
    else if ( ver == "12.2(33)MRB3" ) flag++;
    else if ( ver == "12.2(33)MRB4" ) flag++;
    else if ( ver == "12.2(33)MRB5" ) flag++;
    else if ( ver == "12.2(33)MRB6" ) flag++;
    else if ( ver == "12.2(33)SB" ) flag++;
    else if ( ver == "12.2(33)SB1" ) flag++;
    else if ( ver == "12.2(33)SB2" ) flag++;
    else if ( ver == "12.2(33)SB3" ) flag++;
    else if ( ver == "12.2(33)SB4" ) flag++;
    else if ( ver == "12.2(33)SCA" ) flag++;
    else if ( ver == "12.2(33)SCA1" ) flag++;
    else if ( ver == "12.2(33)SCA2" ) flag++;
    else if ( ver == "12.2(33)SCB" ) flag++;
    else if ( ver == "12.2(33)SCB1" ) flag++;
    else if ( ver == "12.2(33)SCB10" ) flag++;
    else if ( ver == "12.2(33)SCB11" ) flag++;
    else if ( ver == "12.2(33)SCB2" ) flag++;
    else if ( ver == "12.2(33)SCB3" ) flag++;
    else if ( ver == "12.2(33)SCB4" ) flag++;
    else if ( ver == "12.2(33)SCB5" ) flag++;
    else if ( ver == "12.2(33)SCB6" ) flag++;
    else if ( ver == "12.2(33)SCB7" ) flag++;
    else if ( ver == "12.2(33)SCB8" ) flag++;
    else if ( ver == "12.2(33)SCB9" ) flag++;
    else if ( ver == "12.2(33)SCC" ) flag++;
    else if ( ver == "12.2(33)SCC1" ) flag++;
    else if ( ver == "12.2(33)SCC2" ) flag++;
    else if ( ver == "12.2(33)SCC3" ) flag++;
    else if ( ver == "12.2(33)SCC4" ) flag++;
    else if ( ver == "12.2(33)SCC5" ) flag++;
    else if ( ver == "12.2(33)SCC6" ) flag++;
    else if ( ver == "12.2(33)SCC7" ) flag++;
    else if ( ver == "12.2(33)SCD" ) flag++;
    else if ( ver == "12.2(33)SCD1" ) flag++;
    else if ( ver == "12.2(33)SCD2" ) flag++;
    else if ( ver == "12.2(33)SCD3" ) flag++;
    else if ( ver == "12.2(33)SCD4" ) flag++;
    else if ( ver == "12.2(33)SCD5" ) flag++;
    else if ( ver == "12.2(33)SCD6" ) flag++;
    else if ( ver == "12.2(33)SCD7" ) flag++;
    else if ( ver == "12.2(33)SCD8" ) flag++;
    else if ( ver == "12.2(33)SCE" ) flag++;
    else if ( ver == "12.2(33)SCE1" ) flag++;
    else if ( ver == "12.2(33)SCE2" ) flag++;
    else if ( ver == "12.2(33)SCE3" ) flag++;
    else if ( ver == "12.2(33)SCE4" ) flag++;
    else if ( ver == "12.2(33)SCE5" ) flag++;
    else if ( ver == "12.2(33)SCE6" ) flag++;
    else if ( ver == "12.2(33)SCF" ) flag++;
    else if ( ver == "12.2(33)SCF1" ) flag++;
    else if ( ver == "12.2(33)SCF2" ) flag++;
    else if ( ver == "12.2(33)SCF3" ) flag++;
    else if ( ver == "12.2(33)SCF4" ) flag++;
    else if ( ver == "12.2(33)SCF5" ) flag++;
    else if ( ver == "12.2(33)SCG" ) flag++;
    else if ( ver == "12.2(33)SCG1" ) flag++;
    else if ( ver == "12.2(33)SCG2" ) flag++;
    else if ( ver == "12.2(33)SCG3" ) flag++;
    else if ( ver == "12.2(33)SCG4" ) flag++;
    else if ( ver == "12.2(33)SCG5" ) flag++;
    else if ( ver == "12.2(33)SCG6" ) flag++;
    else if ( ver == "12.2(33)SCG7" ) flag++;
    else if ( ver == "12.2(33)SCH" ) flag++;
    else if ( ver == "12.2(33)SCH0a" ) flag++;
    else if ( ver == "12.2(33)SCH1" ) flag++;
    else if ( ver == "12.2(33)SCH2" ) flag++;
    else if ( ver == "12.2(33)SCH2a" ) flag++;
    else if ( ver == "12.2(33)SCH3" ) flag++;
    else if ( ver == "12.2(33)SCH4" ) flag++;
    else if ( ver == "12.2(33)SCH5" ) flag++;
    else if ( ver == "12.2(33)SCH6" ) flag++;
    else if ( ver == "12.2(33)SCI" ) flag++;
    else if ( ver == "12.2(33)SCI1" ) flag++;
    else if ( ver == "12.2(33)SCI1a" ) flag++;
    else if ( ver == "12.2(33)SCI2" ) flag++;
    else if ( ver == "12.2(33)SCI2a" ) flag++;
    else if ( ver == "12.2(33)SCI3" ) flag++;
    else if ( ver == "12.2(33)SCJ" ) flag++;
    else if ( ver == "12.2(33)SCJ1" ) flag++;
    else if ( ver == "12.2(33)SCJ1a" ) flag++;
    else if ( ver == "12.2(33)SCJ1b" ) flag++;
    else if ( ver == "12.2(33)SCJ2" ) flag++;
    else if ( ver == "12.2(33)SCJ2a" ) flag++;
    else if ( ver == "12.2(33)SRA" ) flag++;
    else if ( ver == "12.2(33)SRA1" ) flag++;
    else if ( ver == "12.2(33)SRA2" ) flag++;
    else if ( ver == "12.2(33)SRA3" ) flag++;
    else if ( ver == "12.2(33)SRA4" ) flag++;
    else if ( ver == "12.2(33)SRA5" ) flag++;
    else if ( ver == "12.2(33)SRA6" ) flag++;
    else if ( ver == "12.2(33)SRA7" ) flag++;
    else if ( ver == "12.2(33)SRB" ) flag++;
    else if ( ver == "12.2(33)SRB1" ) flag++;
    else if ( ver == "12.2(33)SRB2" ) flag++;
    else if ( ver == "12.2(33)SRB3" ) flag++;
    else if ( ver == "12.2(33)SRB4" ) flag++;
    else if ( ver == "12.2(33)SRB5" ) flag++;
    else if ( ver == "12.2(33)SRB5a" ) flag++;
    else if ( ver == "12.2(33)SRB6" ) flag++;
    else if ( ver == "12.2(33)SRB7" ) flag++;
    else if ( ver == "12.2(33)SRC" ) flag++;
    else if ( ver == "12.2(33)SRC1" ) flag++;
    else if ( ver == "12.2(33)SRC2" ) flag++;
    else if ( ver == "12.2(33)SRC3" ) flag++;
    else if ( ver == "12.2(33)SRC4" ) flag++;
    else if ( ver == "12.2(33)SRC5" ) flag++;
    else if ( ver == "12.2(33)SRC6" ) flag++;
    else if ( ver == "12.2(33)SRD" ) flag++;
    else if ( ver == "12.2(33)SRD1" ) flag++;
    else if ( ver == "12.2(33)SRD2" ) flag++;
    else if ( ver == "12.2(33)SRD2a" ) flag++;
    else if ( ver == "12.2(33)SRD3" ) flag++;
    else if ( ver == "12.2(33)SRD4" ) flag++;
    else if ( ver == "12.2(33)SRD4a" ) flag++;
    else if ( ver == "12.2(33)SRD5" ) flag++;
    else if ( ver == "12.2(33)SRD6" ) flag++;
    else if ( ver == "12.2(33)SRD7" ) flag++;
    else if ( ver == "12.2(33)SRD8" ) flag++;
    else if ( ver == "12.2(33)SRE" ) flag++;
    else if ( ver == "12.2(33)SRE0a" ) flag++;
    else if ( ver == "12.2(33)SRE1" ) flag++;
    else if ( ver == "12.2(33)SRE10" ) flag++;
    else if ( ver == "12.2(33)SRE11" ) flag++;
    else if ( ver == "12.2(33)SRE12" ) flag++;
    else if ( ver == "12.2(33)SRE13" ) flag++;
    else if ( ver == "12.2(33)SRE14" ) flag++;
    else if ( ver == "12.2(33)SRE15" ) flag++;
    else if ( ver == "12.2(33)SRE2" ) flag++;
    else if ( ver == "12.2(33)SRE3" ) flag++;
    else if ( ver == "12.2(33)SRE4" ) flag++;
    else if ( ver == "12.2(33)SRE5" ) flag++;
    else if ( ver == "12.2(33)SRE6" ) flag++;
    else if ( ver == "12.2(33)SRE7" ) flag++;
    else if ( ver == "12.2(33)SRE7a" ) flag++;
    else if ( ver == "12.2(33)SRE8" ) flag++;
    else if ( ver == "12.2(33)SRE9" ) flag++;
    else if ( ver == "12.2(33)SRE9a" ) flag++;
    else if ( ver == "12.2(33)SXH" ) flag++;
    else if ( ver == "12.2(33)SXH0a" ) flag++;
    else if ( ver == "12.2(33)SXH1" ) flag++;
    else if ( ver == "12.2(33)SXH2" ) flag++;
    else if ( ver == "12.2(33)SXH2a" ) flag++;
    else if ( ver == "12.2(33)SXH3" ) flag++;
    else if ( ver == "12.2(33)SXH3a" ) flag++;
    else if ( ver == "12.2(33)SXH4" ) flag++;
    else if ( ver == "12.2(33)SXH5" ) flag++;
    else if ( ver == "12.2(33)SXH6" ) flag++;
    else if ( ver == "12.2(33)SXI" ) flag++;
    else if ( ver == "12.2(33)SXI1" ) flag++;
    else if ( ver == "12.2(33)SXI2" ) flag++;
    else if ( ver == "12.2(33)SXI2a" ) flag++;
    else if ( ver == "12.2(33)SXI3" ) flag++;
    else if ( ver == "12.2(33)SXI3a" ) flag++;
    else if ( ver == "12.2(33)XN" ) flag++;
    else if ( ver == "12.2(33)XN1" ) flag++;
    else if ( ver == "12.2(33)ZI" ) flag++;
    else if ( ver == "12.2(33)ZW" ) flag++;
    else if ( ver == "12.2(33)ZZ" ) flag++;
    else if ( ver == "12.2(40)SE" ) flag++;
    else if ( ver == "12.2(44)SE" ) flag++;
    else if ( ver == "12.2(44)SE1" ) flag++;
    else if ( ver == "12.2(44)SE2" ) flag++;
    else if ( ver == "12.2(44)SE3" ) flag++;
    else if ( ver == "12.2(44)SE5" ) flag++;
    else if ( ver == "12.2(44)SE6" ) flag++;
    else if ( ver == "12.2(46)SE" ) flag++;
    else if ( ver == "12.2(50)SE" ) flag++;
    else if ( ver == "12.2(50)SE1" ) flag++;
    else if ( ver == "12.2(50)SE3" ) flag++;
    else if ( ver == "12.2(50)SE4" ) flag++;
    else if ( ver == "12.2(50)SE5" ) flag++;
    else if ( ver == "12.2(50)SY" ) flag++;
    else if ( ver == "12.2(50)SY1" ) flag++;
    else if ( ver == "12.2(50)SY2" ) flag++;
    else if ( ver == "12.2(50)SY3" ) flag++;
    else if ( ver == "12.2(50)SY4" ) flag++;
    else if ( ver == "12.2(52)SE" ) flag++;
    else if ( ver == "12.2(55)SE" ) flag++;
    else if ( ver == "12.2(55)SE10" ) flag++;
    else if ( ver == "12.2(55)SE11" ) flag++;
    else if ( ver == "12.2(55)SE3" ) flag++;
    else if ( ver == "12.2(55)SE4" ) flag++;
    else if ( ver == "12.2(55)SE5" ) flag++;
    else if ( ver == "12.2(55)SE6" ) flag++;
    else if ( ver == "12.2(55)SE7" ) flag++;
    else if ( ver == "12.2(55)SE8" ) flag++;
    else if ( ver == "12.2(55)SE9" ) flag++;
    else if ( ver == "12.2(99)SX1003" ) flag++;
    else if ( ver == "12.2(99)SX1006" ) flag++;
    else if ( ver == "12.2(99)SX1010" ) flag++;
    else if ( ver == "12.2(99)SX1012" ) flag++;
    else if ( ver == "12.2(99)SX1017" ) flag++;
    else if ( ver == "12.3(11)T" ) flag++;
    else if ( ver == "12.3(11)T1" ) flag++;
    else if ( ver == "12.3(11)T10" ) flag++;
    else if ( ver == "12.3(11)T11" ) flag++;
    else if ( ver == "12.3(11)T12" ) flag++;
    else if ( ver == "12.3(11)T2" ) flag++;
    else if ( ver == "12.3(11)T2a" ) flag++;
    else if ( ver == "12.3(11)T3" ) flag++;
    else if ( ver == "12.3(11)T4" ) flag++;
    else if ( ver == "12.3(11)T5" ) flag++;
    else if ( ver == "12.3(11)T6" ) flag++;
    else if ( ver == "12.3(11)T7" ) flag++;
    else if ( ver == "12.3(11)T8" ) flag++;
    else if ( ver == "12.3(11)T9" ) flag++;
    else if ( ver == "12.3(11)TO3" ) flag++;
    else if ( ver == "12.3(11)XL" ) flag++;
    else if ( ver == "12.3(11)XL1" ) flag++;
    else if ( ver == "12.3(11)XL2" ) flag++;
    else if ( ver == "12.3(11)XL3" ) flag++;
    else if ( ver == "12.3(11)YF" ) flag++;
    else if ( ver == "12.3(11)YF1" ) flag++;
    else if ( ver == "12.3(11)YF2" ) flag++;
    else if ( ver == "12.3(11)YF3" ) flag++;
    else if ( ver == "12.3(11)YF4" ) flag++;
    else if ( ver == "12.3(11)YK" ) flag++;
    else if ( ver == "12.3(11)YK1" ) flag++;
    else if ( ver == "12.3(11)YK2" ) flag++;
    else if ( ver == "12.3(11)YK3" ) flag++;
    else if ( ver == "12.3(11)YL" ) flag++;
    else if ( ver == "12.3(11)YL1" ) flag++;
    else if ( ver == "12.3(11)YL2" ) flag++;
    else if ( ver == "12.3(11)YN" ) flag++;
    else if ( ver == "12.3(11)YR" ) flag++;
    else if ( ver == "12.3(11)YR1" ) flag++;
    else if ( ver == "12.3(11)YS" ) flag++;
    else if ( ver == "12.3(11)YS1" ) flag++;
    else if ( ver == "12.3(11)YS2" ) flag++;
    else if ( ver == "12.3(11)YZ" ) flag++;
    else if ( ver == "12.3(11)YZ1" ) flag++;
    else if ( ver == "12.3(11)YZ2" ) flag++;
    else if ( ver == "12.3(11)ZB" ) flag++;
    else if ( ver == "12.3(11)ZB1" ) flag++;
    else if ( ver == "12.3(11)ZB2" ) flag++;
    else if ( ver == "12.3(14)T" ) flag++;
    else if ( ver == "12.3(14)T1" ) flag++;
    else if ( ver == "12.3(14)T2" ) flag++;
    else if ( ver == "12.3(14)T3" ) flag++;
    else if ( ver == "12.3(14)T4" ) flag++;
    else if ( ver == "12.3(14)T5" ) flag++;
    else if ( ver == "12.3(14)T6" ) flag++;
    else if ( ver == "12.3(14)T7" ) flag++;
    else if ( ver == "12.3(14)YQ" ) flag++;
    else if ( ver == "12.3(14)YQ1" ) flag++;
    else if ( ver == "12.3(14)YQ2" ) flag++;
    else if ( ver == "12.3(14)YQ3" ) flag++;
    else if ( ver == "12.3(14)YQ4" ) flag++;
    else if ( ver == "12.3(14)YQ5" ) flag++;
    else if ( ver == "12.3(14)YQ6" ) flag++;
    else if ( ver == "12.3(14)YQ7" ) flag++;
    else if ( ver == "12.3(14)YQ8" ) flag++;
    else if ( ver == "12.3(14)YT" ) flag++;
    else if ( ver == "12.3(14)YT1" ) flag++;
    else if ( ver == "12.3(14)YU" ) flag++;
    else if ( ver == "12.3(14)YU1" ) flag++;
    else if ( ver == "12.3(2)XE" ) flag++;
    else if ( ver == "12.3(2)XE1" ) flag++;
    else if ( ver == "12.3(2)XE2" ) flag++;
    else if ( ver == "12.3(2)XE3" ) flag++;
    else if ( ver == "12.3(2)XE4" ) flag++;
    else if ( ver == "12.3(2)XE5" ) flag++;
    else if ( ver == "12.3(2)XF" ) flag++;
    else if ( ver == "12.3(4)T" ) flag++;
    else if ( ver == "12.3(4)T1" ) flag++;
    else if ( ver == "12.3(4)T10" ) flag++;
    else if ( ver == "12.3(4)T11" ) flag++;
    else if ( ver == "12.3(4)T2" ) flag++;
    else if ( ver == "12.3(4)T3" ) flag++;
    else if ( ver == "12.3(4)T4" ) flag++;
    else if ( ver == "12.3(4)T6" ) flag++;
    else if ( ver == "12.3(4)T7" ) flag++;
    else if ( ver == "12.3(4)T8" ) flag++;
    else if ( ver == "12.3(4)T9" ) flag++;
    else if ( ver == "12.3(4)TPC11a" ) flag++;
    else if ( ver == "12.3(4)TPC11b" ) flag++;
    else if ( ver == "12.3(4)XD" ) flag++;
    else if ( ver == "12.3(4)XD1" ) flag++;
    else if ( ver == "12.3(4)XD2" ) flag++;
    else if ( ver == "12.3(4)XD3" ) flag++;
    else if ( ver == "12.3(4)XD4" ) flag++;
    else if ( ver == "12.3(4)XG" ) flag++;
    else if ( ver == "12.3(4)XG1" ) flag++;
    else if ( ver == "12.3(4)XG2" ) flag++;
    else if ( ver == "12.3(4)XG3" ) flag++;
    else if ( ver == "12.3(4)XG4" ) flag++;
    else if ( ver == "12.3(4)XG5" ) flag++;
    else if ( ver == "12.3(4)XH" ) flag++;
    else if ( ver == "12.3(4)XH1" ) flag++;
    else if ( ver == "12.3(4)XK" ) flag++;
    else if ( ver == "12.3(4)XK1" ) flag++;
    else if ( ver == "12.3(4)XK2" ) flag++;
    else if ( ver == "12.3(4)XK3" ) flag++;
    else if ( ver == "12.3(4)XK4" ) flag++;
    else if ( ver == "12.3(4)XQ" ) flag++;
    else if ( ver == "12.3(4)XQ1" ) flag++;
    else if ( ver == "12.3(4)YE" ) flag++;
    else if ( ver == "12.3(4)YE1" ) flag++;
    else if ( ver == "12.3(7)T" ) flag++;
    else if ( ver == "12.3(7)T1" ) flag++;
    else if ( ver == "12.3(7)T10" ) flag++;
    else if ( ver == "12.3(7)T11" ) flag++;
    else if ( ver == "12.3(7)T12" ) flag++;
    else if ( ver == "12.3(7)T2" ) flag++;
    else if ( ver == "12.3(7)T3" ) flag++;
    else if ( ver == "12.3(7)T4" ) flag++;
    else if ( ver == "12.3(7)T6" ) flag++;
    else if ( ver == "12.3(7)T7" ) flag++;
    else if ( ver == "12.3(7)T8" ) flag++;
    else if ( ver == "12.3(7)T9" ) flag++;
    else if ( ver == "12.3(7)XI" ) flag++;
    else if ( ver == "12.3(7)XI10" ) flag++;
    else if ( ver == "12.3(7)XI10a" ) flag++;
    else if ( ver == "12.3(7)XI10b" ) flag++;
    else if ( ver == "12.3(7)XI1a" ) flag++;
    else if ( ver == "12.3(7)XI1b" ) flag++;
    else if ( ver == "12.3(7)XI1c" ) flag++;
    else if ( ver == "12.3(7)XI2" ) flag++;
    else if ( ver == "12.3(7)XI2a" ) flag++;
    else if ( ver == "12.3(7)XI2b" ) flag++;
    else if ( ver == "12.3(7)XI2c" ) flag++;
    else if ( ver == "12.3(7)XI3" ) flag++;
    else if ( ver == "12.3(7)XI3a" ) flag++;
    else if ( ver == "12.3(7)XI3b" ) flag++;
    else if ( ver == "12.3(7)XI4" ) flag++;
    else if ( ver == "12.3(7)XI5" ) flag++;
    else if ( ver == "12.3(7)XI6" ) flag++;
    else if ( ver == "12.3(7)XI7" ) flag++;
    else if ( ver == "12.3(7)XI7a" ) flag++;
    else if ( ver == "12.3(7)XI7b" ) flag++;
    else if ( ver == "12.3(7)XI8" ) flag++;
    else if ( ver == "12.3(7)XI8a" ) flag++;
    else if ( ver == "12.3(7)XI8c" ) flag++;
    else if ( ver == "12.3(7)XI8d" ) flag++;
    else if ( ver == "12.3(7)XI8e" ) flag++;
    else if ( ver == "12.3(7)XI8f" ) flag++;
    else if ( ver == "12.3(7)XI8g" ) flag++;
    else if ( ver == "12.3(7)XI9" ) flag++;
    else if ( ver == "12.3(7)XJ" ) flag++;
    else if ( ver == "12.3(7)XJ1" ) flag++;
    else if ( ver == "12.3(7)XJ2" ) flag++;
    else if ( ver == "12.3(7)XL" ) flag++;
    else if ( ver == "12.3(7)XM" ) flag++;
    else if ( ver == "12.3(7)XR" ) flag++;
    else if ( ver == "12.3(7)XR1" ) flag++;
    else if ( ver == "12.3(7)XR2" ) flag++;
    else if ( ver == "12.3(7)XR3" ) flag++;
    else if ( ver == "12.3(7)XR4" ) flag++;
    else if ( ver == "12.3(7)XR5" ) flag++;
    else if ( ver == "12.3(7)XR6" ) flag++;
    else if ( ver == "12.3(7)XR7" ) flag++;
    else if ( ver == "12.3(7)XS" ) flag++;
    else if ( ver == "12.3(7)XS1" ) flag++;
    else if ( ver == "12.3(7)XS2" ) flag++;
    else if ( ver == "12.3(7)YB" ) flag++;
    else if ( ver == "12.3(7)YB1" ) flag++;
    else if ( ver == "12.3(8)JEC1" ) flag++;
    else if ( ver == "12.3(8)JEC2" ) flag++;
    else if ( ver == "12.3(8)JEC3" ) flag++;
    else if ( ver == "12.3(8)JED" ) flag++;
    else if ( ver == "12.3(8)T" ) flag++;
    else if ( ver == "12.3(8)T0a" ) flag++;
    else if ( ver == "12.3(8)T1" ) flag++;
    else if ( ver == "12.3(8)T10" ) flag++;
    else if ( ver == "12.3(8)T11" ) flag++;
    else if ( ver == "12.3(8)T2" ) flag++;
    else if ( ver == "12.3(8)T3" ) flag++;
    else if ( ver == "12.3(8)T4" ) flag++;
    else if ( ver == "12.3(8)T5" ) flag++;
    else if ( ver == "12.3(8)T6" ) flag++;
    else if ( ver == "12.3(8)T7" ) flag++;
    else if ( ver == "12.3(8)T8" ) flag++;
    else if ( ver == "12.3(8)T9" ) flag++;
    else if ( ver == "12.3(8)XU2" ) flag++;
    else if ( ver == "12.3(8)XU3" ) flag++;
    else if ( ver == "12.3(8)XU4" ) flag++;
    else if ( ver == "12.3(8)XU5" ) flag++;
    else if ( ver == "12.3(8)XW" ) flag++;
    else if ( ver == "12.3(8)XW1" ) flag++;
    else if ( ver == "12.3(8)XW1a" ) flag++;
    else if ( ver == "12.3(8)XW1b" ) flag++;
    else if ( ver == "12.3(8)XW2" ) flag++;
    else if ( ver == "12.3(8)XW3" ) flag++;
    else if ( ver == "12.3(8)XX" ) flag++;
    else if ( ver == "12.3(8)XX1" ) flag++;
    else if ( ver == "12.3(8)XX2" ) flag++;
    else if ( ver == "12.3(8)XX2a" ) flag++;
    else if ( ver == "12.3(8)XX2b" ) flag++;
    else if ( ver == "12.3(8)XX2c" ) flag++;
    else if ( ver == "12.3(8)XX2d" ) flag++;
    else if ( ver == "12.3(8)XX2e" ) flag++;
    else if ( ver == "12.3(8)YA" ) flag++;
    else if ( ver == "12.3(8)YA1" ) flag++;
    else if ( ver == "12.3(8)YC" ) flag++;
    else if ( ver == "12.3(8)YC1" ) flag++;
    else if ( ver == "12.3(8)YC2" ) flag++;
    else if ( ver == "12.3(8)YC3" ) flag++;
    else if ( ver == "12.3(8)YD" ) flag++;
    else if ( ver == "12.3(8)YD1" ) flag++;
    else if ( ver == "12.3(8)YG" ) flag++;
    else if ( ver == "12.3(8)YG1" ) flag++;
    else if ( ver == "12.3(8)YG2" ) flag++;
    else if ( ver == "12.3(8)YG3" ) flag++;
    else if ( ver == "12.3(8)YG4" ) flag++;
    else if ( ver == "12.3(8)YG5" ) flag++;
    else if ( ver == "12.3(8)YG6" ) flag++;
    else if ( ver == "12.3(8)YG7" ) flag++;
    else if ( ver == "12.3(8)YH" ) flag++;
    else if ( ver == "12.3(8)YI" ) flag++;
    else if ( ver == "12.3(8)YI1" ) flag++;
    else if ( ver == "12.3(8)YI2" ) flag++;
    else if ( ver == "12.3(8)YI3" ) flag++;
    else if ( ver == "12.3(8)ZA" ) flag++;
    else if ( ver == "12.3(8)ZA1" ) flag++;
    else if ( ver == "12.4(1)" ) flag++;
    else if ( ver == "12.4(10)" ) flag++;
    else if ( ver == "12.4(10a)" ) flag++;
    else if ( ver == "12.4(10b)" ) flag++;
    else if ( ver == "12.4(10c)" ) flag++;
    else if ( ver == "12.4(11)MR" ) flag++;
    else if ( ver == "12.4(11)SW" ) flag++;
    else if ( ver == "12.4(11)SW1" ) flag++;
    else if ( ver == "12.4(11)SW2" ) flag++;
    else if ( ver == "12.4(11)SW3" ) flag++;
    else if ( ver == "12.4(11)T" ) flag++;
    else if ( ver == "12.4(11)T1" ) flag++;
    else if ( ver == "12.4(11)T2" ) flag++;
    else if ( ver == "12.4(11)T3" ) flag++;
    else if ( ver == "12.4(11)T4" ) flag++;
    else if ( ver == "12.4(11)XJ" ) flag++;
    else if ( ver == "12.4(11)XJ1" ) flag++;
    else if ( ver == "12.4(11)XJ2" ) flag++;
    else if ( ver == "12.4(11)XJ3" ) flag++;
    else if ( ver == "12.4(11)XJ4" ) flag++;
    else if ( ver == "12.4(11)XJ5" ) flag++;
    else if ( ver == "12.4(11)XJ6" ) flag++;
    else if ( ver == "12.4(11)XV" ) flag++;
    else if ( ver == "12.4(11)XV1" ) flag++;
    else if ( ver == "12.4(11)XW" ) flag++;
    else if ( ver == "12.4(11)XW1" ) flag++;
    else if ( ver == "12.4(11)XW10" ) flag++;
    else if ( ver == "12.4(11)XW2" ) flag++;
    else if ( ver == "12.4(11)XW3" ) flag++;
    else if ( ver == "12.4(11)XW4" ) flag++;
    else if ( ver == "12.4(11)XW5" ) flag++;
    else if ( ver == "12.4(11)XW6" ) flag++;
    else if ( ver == "12.4(11)XW7" ) flag++;
    else if ( ver == "12.4(11)XW8" ) flag++;
    else if ( ver == "12.4(11)XW9" ) flag++;
    else if ( ver == "12.4(12)" ) flag++;
    else if ( ver == "12.4(12a)" ) flag++;
    else if ( ver == "12.4(12b)" ) flag++;
    else if ( ver == "12.4(12c)" ) flag++;
    else if ( ver == "12.4(12)MR" ) flag++;
    else if ( ver == "12.4(12)MR1" ) flag++;
    else if ( ver == "12.4(12)MR2" ) flag++;
    else if ( ver == "12.4(13)" ) flag++;
    else if ( ver == "12.4(13a)" ) flag++;
    else if ( ver == "12.4(13b)" ) flag++;
    else if ( ver == "12.4(13c)" ) flag++;
    else if ( ver == "12.4(13d)" ) flag++;
    else if ( ver == "12.4(13e)" ) flag++;
    else if ( ver == "12.4(13f)" ) flag++;
    else if ( ver == "12.4(14)XK" ) flag++;
    else if ( ver == "12.4(15)MD" ) flag++;
    else if ( ver == "12.4(15)MD1" ) flag++;
    else if ( ver == "12.4(15)MD2" ) flag++;
    else if ( ver == "12.4(15)MD3" ) flag++;
    else if ( ver == "12.4(15)MD4" ) flag++;
    else if ( ver == "12.4(15)MD5" ) flag++;
    else if ( ver == "12.4(15)SW" ) flag++;
    else if ( ver == "12.4(15)SW1" ) flag++;
    else if ( ver == "12.4(15)SW2" ) flag++;
    else if ( ver == "12.4(15)SW3" ) flag++;
    else if ( ver == "12.4(15)SW4" ) flag++;
    else if ( ver == "12.4(15)SW5" ) flag++;
    else if ( ver == "12.4(15)SW6" ) flag++;
    else if ( ver == "12.4(15)SW7" ) flag++;
    else if ( ver == "12.4(15)SW8" ) flag++;
    else if ( ver == "12.4(15)SW8a" ) flag++;
    else if ( ver == "12.4(15)SW9" ) flag++;
    else if ( ver == "12.4(15)T" ) flag++;
    else if ( ver == "12.4(15)T1" ) flag++;
    else if ( ver == "12.4(15)T10" ) flag++;
    else if ( ver == "12.4(15)T11" ) flag++;
    else if ( ver == "12.4(15)T12" ) flag++;
    else if ( ver == "12.4(15)T13" ) flag++;
    else if ( ver == "12.4(15)T13b" ) flag++;
    else if ( ver == "12.4(15)T14" ) flag++;
    else if ( ver == "12.4(15)T15" ) flag++;
    else if ( ver == "12.4(15)T16" ) flag++;
    else if ( ver == "12.4(15)T17" ) flag++;
    else if ( ver == "12.4(15)T2" ) flag++;
    else if ( ver == "12.4(15)T3" ) flag++;
    else if ( ver == "12.4(15)T4" ) flag++;
    else if ( ver == "12.4(15)T5" ) flag++;
    else if ( ver == "12.4(15)T6" ) flag++;
    else if ( ver == "12.4(15)T6a" ) flag++;
    else if ( ver == "12.4(15)T7" ) flag++;
    else if ( ver == "12.4(15)T8" ) flag++;
    else if ( ver == "12.4(15)T9" ) flag++;
    else if ( ver == "12.4(15)XF" ) flag++;
    else if ( ver == "12.4(15)XQ" ) flag++;
    else if ( ver == "12.4(15)XQ1" ) flag++;
    else if ( ver == "12.4(15)XQ2" ) flag++;
    else if ( ver == "12.4(15)XQ2a" ) flag++;
    else if ( ver == "12.4(15)XQ2b" ) flag++;
    else if ( ver == "12.4(15)XQ2c" ) flag++;
    else if ( ver == "12.4(15)XQ2d" ) flag++;
    else if ( ver == "12.4(15)XQ3" ) flag++;
    else if ( ver == "12.4(15)XQ4" ) flag++;
    else if ( ver == "12.4(15)XQ5" ) flag++;
    else if ( ver == "12.4(15)XQ6" ) flag++;
    else if ( ver == "12.4(15)XQ7" ) flag++;
    else if ( ver == "12.4(15)XQ8" ) flag++;
    else if ( ver == "12.4(15)XR" ) flag++;
    else if ( ver == "12.4(15)XR1" ) flag++;
    else if ( ver == "12.4(15)XR10" ) flag++;
    else if ( ver == "12.4(15)XR2" ) flag++;
    else if ( ver == "12.4(15)XR3" ) flag++;
    else if ( ver == "12.4(15)XR4" ) flag++;
    else if ( ver == "12.4(15)XR5" ) flag++;
    else if ( ver == "12.4(15)XR6" ) flag++;
    else if ( ver == "12.4(15)XR7" ) flag++;
    else if ( ver == "12.4(15)XR8" ) flag++;
    else if ( ver == "12.4(15)XR9" ) flag++;
    else if ( ver == "12.4(15)XY" ) flag++;
    else if ( ver == "12.4(15)XY1" ) flag++;
    else if ( ver == "12.4(15)XY2" ) flag++;
    else if ( ver == "12.4(15)XY3" ) flag++;
    else if ( ver == "12.4(15)XY4" ) flag++;
    else if ( ver == "12.4(15)XY5" ) flag++;
    else if ( ver == "12.4(15)XZ" ) flag++;
    else if ( ver == "12.4(15)XZ1" ) flag++;
    else if ( ver == "12.4(15)XZ2" ) flag++;
    else if ( ver == "12.4(16)" ) flag++;
    else if ( ver == "12.4(16a)" ) flag++;
    else if ( ver == "12.4(16b)" ) flag++;
    else if ( ver == "12.4(16)MR1" ) flag++;
    else if ( ver == "12.4(16)MR2" ) flag++;
    else if ( ver == "12.4(17)" ) flag++;
    else if ( ver == "12.4(17a)" ) flag++;
    else if ( ver == "12.4(17b)" ) flag++;
    else if ( ver == "12.4(18)" ) flag++;
    else if ( ver == "12.4(18a)" ) flag++;
    else if ( ver == "12.4(18b)" ) flag++;
    else if ( ver == "12.4(18c)" ) flag++;
    else if ( ver == "12.4(18d)" ) flag++;
    else if ( ver == "12.4(18e)" ) flag++;
    else if ( ver == "12.4(19)" ) flag++;
    else if ( ver == "12.4(19)MR" ) flag++;
    else if ( ver == "12.4(19)MR1" ) flag++;
    else if ( ver == "12.4(19)MR2" ) flag++;
    else if ( ver == "12.4(19)MR3" ) flag++;
    else if ( ver == "12.4(1a)" ) flag++;
    else if ( ver == "12.4(1b)" ) flag++;
    else if ( ver == "12.4(1c)" ) flag++;
    else if ( ver == "12.4(20)MR" ) flag++;
    else if ( ver == "12.4(20)MR2" ) flag++;
    else if ( ver == "12.4(20)MRB" ) flag++;
    else if ( ver == "12.4(20)MRB1" ) flag++;
    else if ( ver == "12.4(20)T" ) flag++;
    else if ( ver == "12.4(20)T1" ) flag++;
    else if ( ver == "12.4(20)T2" ) flag++;
    else if ( ver == "12.4(20)T3" ) flag++;
    else if ( ver == "12.4(20)T4" ) flag++;
    else if ( ver == "12.4(20)T5" ) flag++;
    else if ( ver == "12.4(20)T5a" ) flag++;
    else if ( ver == "12.4(20)T6" ) flag++;
    else if ( ver == "12.4(20)YA" ) flag++;
    else if ( ver == "12.4(20)YA1" ) flag++;
    else if ( ver == "12.4(20)YA2" ) flag++;
    else if ( ver == "12.4(20)YA3" ) flag++;
    else if ( ver == "12.4(21)" ) flag++;
    else if ( ver == "12.4(21a)" ) flag++;
    else if ( ver == "12.4(21a)M1" ) flag++;
    else if ( ver == "12.4(22)GC1" ) flag++;
    else if ( ver == "12.4(22)GC1a" ) flag++;
    else if ( ver == "12.4(22)MD" ) flag++;
    else if ( ver == "12.4(22)MD1" ) flag++;
    else if ( ver == "12.4(22)MD2" ) flag++;
    else if ( ver == "12.4(22)MDA" ) flag++;
    else if ( ver == "12.4(22)MDA1" ) flag++;
    else if ( ver == "12.4(22)MDA2" ) flag++;
    else if ( ver == "12.4(22)MDA3" ) flag++;
    else if ( ver == "12.4(22)MDA4" ) flag++;
    else if ( ver == "12.4(22)MDA5" ) flag++;
    else if ( ver == "12.4(22)MDA6" ) flag++;
    else if ( ver == "12.4(22)T" ) flag++;
    else if ( ver == "12.4(22)T1" ) flag++;
    else if ( ver == "12.4(22)T2" ) flag++;
    else if ( ver == "12.4(22)T3" ) flag++;
    else if ( ver == "12.4(22)T4" ) flag++;
    else if ( ver == "12.4(22)T5" ) flag++;
    else if ( ver == "12.4(22)XR1" ) flag++;
    else if ( ver == "12.4(22)XR10" ) flag++;
    else if ( ver == "12.4(22)XR11" ) flag++;
    else if ( ver == "12.4(22)XR12" ) flag++;
    else if ( ver == "12.4(22)XR2" ) flag++;
    else if ( ver == "12.4(22)XR3" ) flag++;
    else if ( ver == "12.4(22)XR4" ) flag++;
    else if ( ver == "12.4(22)XR5" ) flag++;
    else if ( ver == "12.4(22)XR6" ) flag++;
    else if ( ver == "12.4(22)XR7" ) flag++;
    else if ( ver == "12.4(22)XR8" ) flag++;
    else if ( ver == "12.4(22)XR9" ) flag++;
    else if ( ver == "12.4(22)YB" ) flag++;
    else if ( ver == "12.4(22)YB1" ) flag++;
    else if ( ver == "12.4(22)YB2" ) flag++;
    else if ( ver == "12.4(22)YB3" ) flag++;
    else if ( ver == "12.4(22)YB4" ) flag++;
    else if ( ver == "12.4(22)YB5" ) flag++;
    else if ( ver == "12.4(22)YB6" ) flag++;
    else if ( ver == "12.4(22)YB7" ) flag++;
    else if ( ver == "12.4(22)YB8" ) flag++;
    else if ( ver == "12.4(22)YD" ) flag++;
    else if ( ver == "12.4(22)YD1" ) flag++;
    else if ( ver == "12.4(22)YD2" ) flag++;
    else if ( ver == "12.4(22)YD3" ) flag++;
    else if ( ver == "12.4(22)YD4" ) flag++;
    else if ( ver == "12.4(22)YE" ) flag++;
    else if ( ver == "12.4(22)YE1" ) flag++;
    else if ( ver == "12.4(22)YE2" ) flag++;
    else if ( ver == "12.4(22)YE3" ) flag++;
    else if ( ver == "12.4(22)YE4" ) flag++;
    else if ( ver == "12.4(22)YE5" ) flag++;
    else if ( ver == "12.4(22)YE6" ) flag++;
    else if ( ver == "12.4(23)" ) flag++;
    else if ( ver == "12.4(23a)" ) flag++;
    else if ( ver == "12.4(23b)" ) flag++;
    else if ( ver == "12.4(23b)M1" ) flag++;
    else if ( ver == "12.4(23c)" ) flag++;
    else if ( ver == "12.4(23d)" ) flag++;
    else if ( ver == "12.4(23e)" ) flag++;
    else if ( ver == "12.4(24)GC1" ) flag++;
    else if ( ver == "12.4(24)GC3" ) flag++;
    else if ( ver == "12.4(24)GC3a" ) flag++;
    else if ( ver == "12.4(24)GC4" ) flag++;
    else if ( ver == "12.4(24)GC5" ) flag++;
    else if ( ver == "12.4(24)MD" ) flag++;
    else if ( ver == "12.4(24)MD1" ) flag++;
    else if ( ver == "12.4(24)MD2" ) flag++;
    else if ( ver == "12.4(24)MD3" ) flag++;
    else if ( ver == "12.4(24)MD4" ) flag++;
    else if ( ver == "12.4(24)MD5" ) flag++;
    else if ( ver == "12.4(24)MD6" ) flag++;
    else if ( ver == "12.4(24)MD7" ) flag++;
    else if ( ver == "12.4(24)MDA" ) flag++;
    else if ( ver == "12.4(24)MDA1" ) flag++;
    else if ( ver == "12.4(24)MDA10" ) flag++;
    else if ( ver == "12.4(24)MDA11" ) flag++;
    else if ( ver == "12.4(24)MDA12" ) flag++;
    else if ( ver == "12.4(24)MDA13" ) flag++;
    else if ( ver == "12.4(24)MDA2" ) flag++;
    else if ( ver == "12.4(24)MDA3" ) flag++;
    else if ( ver == "12.4(24)MDA4" ) flag++;
    else if ( ver == "12.4(24)MDA5" ) flag++;
    else if ( ver == "12.4(24)MDA6" ) flag++;
    else if ( ver == "12.4(24)MDA7" ) flag++;
    else if ( ver == "12.4(24)MDA8" ) flag++;
    else if ( ver == "12.4(24)MDA9" ) flag++;
    else if ( ver == "12.4(24)MDB" ) flag++;
    else if ( ver == "12.4(24)MDB1" ) flag++;
    else if ( ver == "12.4(24)MDB10" ) flag++;
    else if ( ver == "12.4(24)MDB11" ) flag++;
    else if ( ver == "12.4(24)MDB12" ) flag++;
    else if ( ver == "12.4(24)MDB13" ) flag++;
    else if ( ver == "12.4(24)MDB14" ) flag++;
    else if ( ver == "12.4(24)MDB15" ) flag++;
    else if ( ver == "12.4(24)MDB16" ) flag++;
    else if ( ver == "12.4(24)MDB17" ) flag++;
    else if ( ver == "12.4(24)MDB18" ) flag++;
    else if ( ver == "12.4(24)MDB19" ) flag++;
    else if ( ver == "12.4(24)MDB3" ) flag++;
    else if ( ver == "12.4(24)MDB4" ) flag++;
    else if ( ver == "12.4(24)MDB5" ) flag++;
    else if ( ver == "12.4(24)MDB5a" ) flag++;
    else if ( ver == "12.4(24)MDB6" ) flag++;
    else if ( ver == "12.4(24)MDB7" ) flag++;
    else if ( ver == "12.4(24)MDB8" ) flag++;
    else if ( ver == "12.4(24)MDB9" ) flag++;
    else if ( ver == "12.4(24)T" ) flag++;
    else if ( ver == "12.4(24)T1" ) flag++;
    else if ( ver == "12.4(24)T10" ) flag++;
    else if ( ver == "12.4(24)T11" ) flag++;
    else if ( ver == "12.4(24)T12" ) flag++;
    else if ( ver == "12.4(24)T2" ) flag++;
    else if ( ver == "12.4(24)T3" ) flag++;
    else if ( ver == "12.4(24)T3e" ) flag++;
    else if ( ver == "12.4(24)T3f" ) flag++;
    else if ( ver == "12.4(24)T4" ) flag++;
    else if ( ver == "12.4(24)T4a" ) flag++;
    else if ( ver == "12.4(24)T4b" ) flag++;
    else if ( ver == "12.4(24)T4c" ) flag++;
    else if ( ver == "12.4(24)T4d" ) flag++;
    else if ( ver == "12.4(24)T4e" ) flag++;
    else if ( ver == "12.4(24)T4f" ) flag++;
    else if ( ver == "12.4(24)T4g" ) flag++;
    else if ( ver == "12.4(24)T4h" ) flag++;
    else if ( ver == "12.4(24)T4i" ) flag++;
    else if ( ver == "12.4(24)T4j" ) flag++;
    else if ( ver == "12.4(24)T4k" ) flag++;
    else if ( ver == "12.4(24)T4l" ) flag++;
    else if ( ver == "12.4(24)T4m" ) flag++;
    else if ( ver == "12.4(24)T4n" ) flag++;
    else if ( ver == "12.4(24)T4o" ) flag++;
    else if ( ver == "12.4(24)T5" ) flag++;
    else if ( ver == "12.4(24)T6" ) flag++;
    else if ( ver == "12.4(24)T7" ) flag++;
    else if ( ver == "12.4(24)T8" ) flag++;
    else if ( ver == "12.4(24)T9" ) flag++;
    else if ( ver == "12.4(24)YE" ) flag++;
    else if ( ver == "12.4(24)YE1" ) flag++;
    else if ( ver == "12.4(24)YE2" ) flag++;
    else if ( ver == "12.4(24)YE3" ) flag++;
    else if ( ver == "12.4(24)YE3a" ) flag++;
    else if ( ver == "12.4(24)YE3b" ) flag++;
    else if ( ver == "12.4(24)YE3c" ) flag++;
    else if ( ver == "12.4(24)YE3d" ) flag++;
    else if ( ver == "12.4(24)YE3e" ) flag++;
    else if ( ver == "12.4(24)YE4" ) flag++;
    else if ( ver == "12.4(24)YE5" ) flag++;
    else if ( ver == "12.4(24)YE6" ) flag++;
    else if ( ver == "12.4(24)YE7" ) flag++;
    else if ( ver == "12.4(24)YG1" ) flag++;
    else if ( ver == "12.4(24)YG2" ) flag++;
    else if ( ver == "12.4(24)YG3" ) flag++;
    else if ( ver == "12.4(24)YG4" ) flag++;
    else if ( ver == "12.4(24)YS" ) flag++;
    else if ( ver == "12.4(24)YS1" ) flag++;
    else if ( ver == "12.4(24)YS10" ) flag++;
    else if ( ver == "12.4(24)YS2" ) flag++;
    else if ( ver == "12.4(24)YS3" ) flag++;
    else if ( ver == "12.4(24)YS4" ) flag++;
    else if ( ver == "12.4(24)YS5" ) flag++;
    else if ( ver == "12.4(24)YS6" ) flag++;
    else if ( ver == "12.4(24)YS7" ) flag++;
    else if ( ver == "12.4(24)YS8" ) flag++;
    else if ( ver == "12.4(24)YS8a" ) flag++;
    else if ( ver == "12.4(24)YS9" ) flag++;
    else if ( ver == "12.4(25)" ) flag++;
    else if ( ver == "12.4(25a)" ) flag++;
    else if ( ver == "12.4(25b)" ) flag++;
    else if ( ver == "12.4(25c)" ) flag++;
    else if ( ver == "12.4(25d)" ) flag++;
    else if ( ver == "12.4(25e)" ) flag++;
    else if ( ver == "12.4(25f)" ) flag++;
    else if ( ver == "12.4(25g)" ) flag++;
    else if ( ver == "12.4(2)T" ) flag++;
    else if ( ver == "12.4(2)T1" ) flag++;
    else if ( ver == "12.4(2)T2" ) flag++;
    else if ( ver == "12.4(2)T3" ) flag++;
    else if ( ver == "12.4(2)T4" ) flag++;
    else if ( ver == "12.4(2)T5" ) flag++;
    else if ( ver == "12.4(2)T6" ) flag++;
    else if ( ver == "12.4(2)XA" ) flag++;
    else if ( ver == "12.4(2)XA1" ) flag++;
    else if ( ver == "12.4(2)XA2" ) flag++;
    else if ( ver == "12.4(2)XB" ) flag++;
    else if ( ver == "12.4(2)XB1" ) flag++;
    else if ( ver == "12.4(2)XB10" ) flag++;
    else if ( ver == "12.4(2)XB11" ) flag++;
    else if ( ver == "12.4(2)XB2" ) flag++;
    else if ( ver == "12.4(2)XB3" ) flag++;
    else if ( ver == "12.4(2)XB4" ) flag++;
    else if ( ver == "12.4(2)XB5" ) flag++;
    else if ( ver == "12.4(2)XB6" ) flag++;
    else if ( ver == "12.4(2)XB7" ) flag++;
    else if ( ver == "12.4(2)XB8" ) flag++;
    else if ( ver == "12.4(2)XB9" ) flag++;
    else if ( ver == "12.4(3)" ) flag++;
    else if ( ver == "12.4(3a)" ) flag++;
    else if ( ver == "12.4(3b)" ) flag++;
    else if ( ver == "12.4(3c)" ) flag++;
    else if ( ver == "12.4(3d)" ) flag++;
    else if ( ver == "12.4(3e)" ) flag++;
    else if ( ver == "12.4(3f)" ) flag++;
    else if ( ver == "12.4(3g)" ) flag++;
    else if ( ver == "12.4(3h)" ) flag++;
    else if ( ver == "12.4(3i)" ) flag++;
    else if ( ver == "12.4(3j)" ) flag++;
    else if ( ver == "12.4(4)T" ) flag++;
    else if ( ver == "12.4(4)T1" ) flag++;
    else if ( ver == "12.4(4)T2" ) flag++;
    else if ( ver == "12.4(4)T3" ) flag++;
    else if ( ver == "12.4(4)T4" ) flag++;
    else if ( ver == "12.4(4)T5" ) flag++;
    else if ( ver == "12.4(4)T6" ) flag++;
    else if ( ver == "12.4(4)T7" ) flag++;
    else if ( ver == "12.4(4)T8" ) flag++;
    else if ( ver == "12.4(4)XC" ) flag++;
    else if ( ver == "12.4(4)XC1" ) flag++;
    else if ( ver == "12.4(4)XC2" ) flag++;
    else if ( ver == "12.4(4)XC3" ) flag++;
    else if ( ver == "12.4(4)XC4" ) flag++;
    else if ( ver == "12.4(4)XC5" ) flag++;
    else if ( ver == "12.4(4)XC6" ) flag++;
    else if ( ver == "12.4(4)XC7" ) flag++;
    else if ( ver == "12.4(4)XD" ) flag++;
    else if ( ver == "12.4(4)XD1" ) flag++;
    else if ( ver == "12.4(4)XD10" ) flag++;
    else if ( ver == "12.4(4)XD11" ) flag++;
    else if ( ver == "12.4(4)XD12" ) flag++;
    else if ( ver == "12.4(4)XD2" ) flag++;
    else if ( ver == "12.4(4)XD3" ) flag++;
    else if ( ver == "12.4(4)XD4" ) flag++;
    else if ( ver == "12.4(4)XD5" ) flag++;
    else if ( ver == "12.4(4)XD6" ) flag++;
    else if ( ver == "12.4(4)XD7" ) flag++;
    else if ( ver == "12.4(4)XD8" ) flag++;
    else if ( ver == "12.4(4)XD9" ) flag++;
    else if ( ver == "12.4(5)" ) flag++;
    else if ( ver == "12.4(5a)" ) flag++;
    else if ( ver == "12.4(5a)M0" ) flag++;
    else if ( ver == "12.4(5b)" ) flag++;
    else if ( ver == "12.4(5c)" ) flag++;
    else if ( ver == "12.4(6)T" ) flag++;
    else if ( ver == "12.4(6)T1" ) flag++;
    else if ( ver == "12.4(6)T10" ) flag++;
    else if ( ver == "12.4(6)T11" ) flag++;
    else if ( ver == "12.4(6)T12" ) flag++;
    else if ( ver == "12.4(6)T2" ) flag++;
    else if ( ver == "12.4(6)T3" ) flag++;
    else if ( ver == "12.4(6)T4" ) flag++;
    else if ( ver == "12.4(6)T5" ) flag++;
    else if ( ver == "12.4(6)T5a" ) flag++;
    else if ( ver == "12.4(6)T5b" ) flag++;
    else if ( ver == "12.4(6)T5c" ) flag++;
    else if ( ver == "12.4(6)T5e" ) flag++;
    else if ( ver == "12.4(6)T5f" ) flag++;
    else if ( ver == "12.4(6)T6" ) flag++;
    else if ( ver == "12.4(6)T7" ) flag++;
    else if ( ver == "12.4(6)T8" ) flag++;
    else if ( ver == "12.4(6)T9" ) flag++;
    else if ( ver == "12.4(6)XE" ) flag++;
    else if ( ver == "12.4(6)XE1" ) flag++;
    else if ( ver == "12.4(6)XE2" ) flag++;
    else if ( ver == "12.4(6)XE3" ) flag++;
    else if ( ver == "12.4(6)XP" ) flag++;
    else if ( ver == "12.4(6)XT" ) flag++;
    else if ( ver == "12.4(6)XT1" ) flag++;
    else if ( ver == "12.4(6)XT2" ) flag++;
    else if ( ver == "12.4(7)" ) flag++;
    else if ( ver == "12.4(7a)" ) flag++;
    else if ( ver == "12.4(7b)" ) flag++;
    else if ( ver == "12.4(7c)" ) flag++;
    else if ( ver == "12.4(7d)" ) flag++;
    else if ( ver == "12.4(7e)" ) flag++;
    else if ( ver == "12.4(7f)" ) flag++;
    else if ( ver == "12.4(7g)" ) flag++;
    else if ( ver == "12.4(7h)" ) flag++;
    else if ( ver == "12.4(8)" ) flag++;
    else if ( ver == "12.4(8a)" ) flag++;
    else if ( ver == "12.4(8b)" ) flag++;
    else if ( ver == "12.4(8c)" ) flag++;
    else if ( ver == "12.4(8d)" ) flag++;
    else if ( ver == "12.4(9)T" ) flag++;
    else if ( ver == "12.4(9)T0a" ) flag++;
    else if ( ver == "12.4(9)T1" ) flag++;
    else if ( ver == "12.4(9)T2" ) flag++;
    else if ( ver == "12.4(9)T3" ) flag++;
    else if ( ver == "12.4(9)T4" ) flag++;
    else if ( ver == "12.4(9)T5" ) flag++;
    else if ( ver == "12.4(9)T6" ) flag++;
    else if ( ver == "12.4(9)T7" ) flag++;
    else if ( ver == "15.0(1)M" ) flag++;
    else if ( ver == "15.0(1)M1" ) flag++;
    else if ( ver == "15.0(1)M10" ) flag++;
    else if ( ver == "15.0(1)M2" ) flag++;
    else if ( ver == "15.0(1)M3" ) flag++;
    else if ( ver == "15.0(1)M4" ) flag++;
    else if ( ver == "15.0(1)M5" ) flag++;
    else if ( ver == "15.0(1)M6" ) flag++;
    else if ( ver == "15.0(1)M6a" ) flag++;
    else if ( ver == "15.0(1)M7" ) flag++;
    else if ( ver == "15.0(1)M8" ) flag++;
    else if ( ver == "15.0(1)M9" ) flag++;
    else if ( ver == "15.0(1)MR" ) flag++;
    else if ( ver == "15.0(1)S" ) flag++;
    else if ( ver == "15.0(1)S1" ) flag++;
    else if ( ver == "15.0(1)S2" ) flag++;
    else if ( ver == "15.0(1)S3a" ) flag++;
    else if ( ver == "15.0(1)S4" ) flag++;
    else if ( ver == "15.0(1)S4a" ) flag++;
    else if ( ver == "15.0(1)S5" ) flag++;
    else if ( ver == "15.0(1)S6" ) flag++;
    else if ( ver == "15.0(1)SY" ) flag++;
    else if ( ver == "15.0(1)SY1" ) flag++;
    else if ( ver == "15.0(1)SY10" ) flag++;
    else if ( ver == "15.0(1)SY2" ) flag++;
    else if ( ver == "15.0(1)SY3" ) flag++;
    else if ( ver == "15.0(1)SY4" ) flag++;
    else if ( ver == "15.0(1)SY5" ) flag++;
    else if ( ver == "15.0(1)SY6" ) flag++;
    else if ( ver == "15.0(1)SY7" ) flag++;
    else if ( ver == "15.0(1)SY7a" ) flag++;
    else if ( ver == "15.0(1)SY8" ) flag++;
    else if ( ver == "15.0(1)SY9" ) flag++;
    else if ( ver == "15.0(1)XA" ) flag++;
    else if ( ver == "15.0(1)XA1" ) flag++;
    else if ( ver == "15.0(1)XA2" ) flag++;
    else if ( ver == "15.0(1)XA3" ) flag++;
    else if ( ver == "15.0(1)XA4" ) flag++;
    else if ( ver == "15.0(1)XA5" ) flag++;
    else if ( ver == "15.0(2a)EX5" ) flag++;
    else if ( ver == "15.0(2a)SE9" ) flag++;
    else if ( ver == "15.0(2)ED" ) flag++;
    else if ( ver == "15.0(2)ED1" ) flag++;
    else if ( ver == "15.0(2)EH" ) flag++;
    else if ( ver == "15.0(2)EJ" ) flag++;
    else if ( ver == "15.0(2)EJ1" ) flag++;
    else if ( ver == "15.0(2)EK" ) flag++;
    else if ( ver == "15.0(2)EK1" ) flag++;
    else if ( ver == "15.0(2)EX" ) flag++;
    else if ( ver == "15.0(2)EX1" ) flag++;
    else if ( ver == "15.0(2)EX3" ) flag++;
    else if ( ver == "15.0(2)EX4" ) flag++;
    else if ( ver == "15.0(2)EX5" ) flag++;
    else if ( ver == "15.0(2)EX6" ) flag++;
    else if ( ver == "15.0(2)EX7" ) flag++;
    else if ( ver == "15.0(2)EY" ) flag++;
    else if ( ver == "15.0(2)EY1" ) flag++;
    else if ( ver == "15.0(2)EY3" ) flag++;
    else if ( ver == "15.0(2)EZ" ) flag++;
    else if ( ver == "15.0(2)MR" ) flag++;
    else if ( ver == "15.0(2)SE" ) flag++;
    else if ( ver == "15.0(2)SE1" ) flag++;
    else if ( ver == "15.0(2)SE10" ) flag++;
    else if ( ver == "15.0(2)SE2" ) flag++;
    else if ( ver == "15.0(2)SE3" ) flag++;
    else if ( ver == "15.0(2)SE4" ) flag++;
    else if ( ver == "15.0(2)SE5" ) flag++;
    else if ( ver == "15.0(2)SE6" ) flag++;
    else if ( ver == "15.0(2)SE7" ) flag++;
    else if ( ver == "15.0(2)SE8" ) flag++;
    else if ( ver == "15.0(2)SE9" ) flag++;
    else if ( ver == "15.1(1)MR" ) flag++;
    else if ( ver == "15.1(1)MR1" ) flag++;
    else if ( ver == "15.1(1)MR2" ) flag++;
    else if ( ver == "15.1(1)MR3" ) flag++;
    else if ( ver == "15.1(1)MR4" ) flag++;
    else if ( ver == "15.1(1)MR5" ) flag++;
    else if ( ver == "15.1(1)MR6" ) flag++;
    else if ( ver == "15.1(1)S" ) flag++;
    else if ( ver == "15.1(1)S1" ) flag++;
    else if ( ver == "15.1(1)S2" ) flag++;
    else if ( ver == "15.1(1)SG" ) flag++;
    else if ( ver == "15.1(1)SG1" ) flag++;
    else if ( ver == "15.1(1)SG2" ) flag++;
    else if ( ver == "15.1(1)SY" ) flag++;
    else if ( ver == "15.1(1)SY1" ) flag++;
    else if ( ver == "15.1(1)SY2" ) flag++;
    else if ( ver == "15.1(1)SY3" ) flag++;
    else if ( ver == "15.1(1)SY4" ) flag++;
    else if ( ver == "15.1(1)SY5" ) flag++;
    else if ( ver == "15.1(1)SY6" ) flag++;
    else if ( ver == "15.1(1)T" ) flag++;
    else if ( ver == "15.1(1)T1" ) flag++;
    else if ( ver == "15.1(1)T2" ) flag++;
    else if ( ver == "15.1(1)T3" ) flag++;
    else if ( ver == "15.1(1)T4" ) flag++;
    else if ( ver == "15.1(1)T5" ) flag++;
    else if ( ver == "15.1(1)XB" ) flag++;
    else if ( ver == "15.1(1)XB1" ) flag++;
    else if ( ver == "15.1(1)XB2" ) flag++;
    else if ( ver == "15.1(1)XB3" ) flag++;
    else if ( ver == "15.1(2)GC" ) flag++;
    else if ( ver == "15.1(2)GC1" ) flag++;
    else if ( ver == "15.1(2)GC2" ) flag++;
    else if ( ver == "15.1(2)S" ) flag++;
    else if ( ver == "15.1(2)S1" ) flag++;
    else if ( ver == "15.1(2)S2" ) flag++;
    else if ( ver == "15.1(2)SG" ) flag++;
    else if ( ver == "15.1(2)SG1" ) flag++;
    else if ( ver == "15.1(2)SG2" ) flag++;
    else if ( ver == "15.1(2)SG3" ) flag++;
    else if ( ver == "15.1(2)SG4" ) flag++;
    else if ( ver == "15.1(2)SG5" ) flag++;
    else if ( ver == "15.1(2)SG6" ) flag++;
    else if ( ver == "15.1(2)SG7" ) flag++;
    else if ( ver == "15.1(2)SG7a" ) flag++;
    else if ( ver == "15.1(2)SG8" ) flag++;
    else if ( ver == "15.1(2)SNG" ) flag++;
    else if ( ver == "15.1(2)SNH" ) flag++;
    else if ( ver == "15.1(2)SNH1" ) flag++;
    else if ( ver == "15.1(2)SNI" ) flag++;
    else if ( ver == "15.1(2)SNI1" ) flag++;
    else if ( ver == "15.1(2)SY" ) flag++;
    else if ( ver == "15.1(2)SY1" ) flag++;
    else if ( ver == "15.1(2)SY2" ) flag++;
    else if ( ver == "15.1(2)SY3" ) flag++;
    else if ( ver == "15.1(2)SY4" ) flag++;
    else if ( ver == "15.1(2)SY4a" ) flag++;
    else if ( ver == "15.1(2)SY5" ) flag++;
    else if ( ver == "15.1(2)SY6" ) flag++;
    else if ( ver == "15.1(2)SY7" ) flag++;
    else if ( ver == "15.1(2)SY8" ) flag++;
    else if ( ver == "15.1(2)T" ) flag++;
    else if ( ver == "15.1(2)T0a" ) flag++;
    else if ( ver == "15.1(2)T1" ) flag++;
    else if ( ver == "15.1(2)T2" ) flag++;
    else if ( ver == "15.1(2)T2a" ) flag++;
    else if ( ver == "15.1(2)T3" ) flag++;
    else if ( ver == "15.1(2)T4" ) flag++;
    else if ( ver == "15.1(2)T5" ) flag++;
    else if ( ver == "15.1(3)MR" ) flag++;
    else if ( ver == "15.1(3)MRA" ) flag++;
    else if ( ver == "15.1(3)MRA1" ) flag++;
    else if ( ver == "15.1(3)MRA2" ) flag++;
    else if ( ver == "15.1(3)MRA3" ) flag++;
    else if ( ver == "15.1(3)MRA4" ) flag++;
    else if ( ver == "15.1(3)S" ) flag++;
    else if ( ver == "15.1(3)S0a" ) flag++;
    else if ( ver == "15.1(3)S1" ) flag++;
    else if ( ver == "15.1(3)S2" ) flag++;
    else if ( ver == "15.1(3)S3" ) flag++;
    else if ( ver == "15.1(3)S4" ) flag++;
    else if ( ver == "15.1(3)S5" ) flag++;
    else if ( ver == "15.1(3)S5a" ) flag++;
    else if ( ver == "15.1(3)S6" ) flag++;
    else if ( ver == "15.1(3)S7" ) flag++;
    else if ( ver == "15.1(3)T" ) flag++;
    else if ( ver == "15.1(3)T1" ) flag++;
    else if ( ver == "15.1(3)T2" ) flag++;
    else if ( ver == "15.1(3)T3" ) flag++;
    else if ( ver == "15.1(3)T4" ) flag++;
    else if ( ver == "15.1(4)GC" ) flag++;
    else if ( ver == "15.1(4)GC1" ) flag++;
    else if ( ver == "15.1(4)GC2" ) flag++;
    else if ( ver == "15.1(4)M" ) flag++;
    else if ( ver == "15.1(4)M0a" ) flag++;
    else if ( ver == "15.1(4)M0b" ) flag++;
    else if ( ver == "15.1(4)M1" ) flag++;
    else if ( ver == "15.1(4)M10" ) flag++;
    else if ( ver == "15.1(4)M11" ) flag++;
    else if ( ver == "15.1(4)M12" ) flag++;
    else if ( ver == "15.1(4)M2" ) flag++;
    else if ( ver == "15.1(4)M3" ) flag++;
    else if ( ver == "15.1(4)M3a" ) flag++;
    else if ( ver == "15.1(4)M4" ) flag++;
    else if ( ver == "15.1(4)M5" ) flag++;
    else if ( ver == "15.1(4)M6" ) flag++;
    else if ( ver == "15.1(4)M7" ) flag++;
    else if ( ver == "15.1(4)M8" ) flag++;
    else if ( ver == "15.1(4)M9" ) flag++;
    else if ( ver == "15.1(4)XB4" ) flag++;
    else if ( ver == "15.1(4)XB5" ) flag++;
    else if ( ver == "15.1(4)XB5a" ) flag++;
    else if ( ver == "15.1(4)XB6" ) flag++;
    else if ( ver == "15.1(4)XB7" ) flag++;
    else if ( ver == "15.1(4)XB8" ) flag++;
    else if ( ver == "15.1(4)XB8a" ) flag++;
    else if ( ver == "15.2(1)E" ) flag++;
    else if ( ver == "15.2(1)E1" ) flag++;
    else if ( ver == "15.2(1)E2" ) flag++;
    else if ( ver == "15.2(1)E3" ) flag++;
    else if ( ver == "15.2(1)EY" ) flag++;
    else if ( ver == "15.2(1)EY1" ) flag++;
    else if ( ver == "15.2(1)EY2" ) flag++;
    else if ( ver == "15.2(1)GC" ) flag++;
    else if ( ver == "15.2(1)GC1" ) flag++;
    else if ( ver == "15.2(1)GC2" ) flag++;
    else if ( ver == "15.2(1)S" ) flag++;
    else if ( ver == "15.2(1)S1" ) flag++;
    else if ( ver == "15.2(1)S2" ) flag++;
    else if ( ver == "15.2(1)SY" ) flag++;
    else if ( ver == "15.2(1)SY0a" ) flag++;
    else if ( ver == "15.2(1)SY1" ) flag++;
    else if ( ver == "15.2(1)SY1a" ) flag++;
    else if ( ver == "15.2(1)SY2" ) flag++;
    else if ( ver == "15.2(1)T" ) flag++;
    else if ( ver == "15.2(1)T1" ) flag++;
    else if ( ver == "15.2(1)T2" ) flag++;
    else if ( ver == "15.2(1)T3" ) flag++;
    else if ( ver == "15.2(1)T3a" ) flag++;
    else if ( ver == "15.2(1)T4" ) flag++;
    else if ( ver == "15.2(2a)E1" ) flag++;
    else if ( ver == "15.2(2b)E" ) flag++;
    else if ( ver == "15.2(2)E" ) flag++;
    else if ( ver == "15.2(2)E1" ) flag++;
    else if ( ver == "15.2(2)E2" ) flag++;
    else if ( ver == "15.2(2)E3" ) flag++;
    else if ( ver == "15.2(2)E4" ) flag++;
    else if ( ver == "15.2(2)E5" ) flag++;
    else if ( ver == "15.2(2)E6" ) flag++;
    else if ( ver == "15.2(2)EA1" ) flag++;
    else if ( ver == "15.2(2)EA2" ) flag++;
    else if ( ver == "15.2(2)EA3" ) flag++;
    else if ( ver == "15.2(2)EB" ) flag++;
    else if ( ver == "15.2(2)EB1" ) flag++;
    else if ( ver == "15.2(2)EB2" ) flag++;
    else if ( ver == "15.2(2)GC" ) flag++;
    else if ( ver == "15.2(2)S" ) flag++;
    else if ( ver == "15.2(2)S1" ) flag++;
    else if ( ver == "15.2(2)S2" ) flag++;
    else if ( ver == "15.2(2)SNG" ) flag++;
    else if ( ver == "15.2(2)SNH" ) flag++;
    else if ( ver == "15.2(2)SNH1" ) flag++;
    else if ( ver == "15.2(2)SNI" ) flag++;
    else if ( ver == "15.2(2)SY" ) flag++;
    else if ( ver == "15.2(2)SY1" ) flag++;
    else if ( ver == "15.2(2)SY2" ) flag++;
    else if ( ver == "15.2(2)T" ) flag++;
    else if ( ver == "15.2(2)T1" ) flag++;
    else if ( ver == "15.2(2)T2" ) flag++;
    else if ( ver == "15.2(2)T3" ) flag++;
    else if ( ver == "15.2(2)T4" ) flag++;
    else if ( ver == "15.2(3a)E" ) flag++;
    else if ( ver == "15.2(3a)E1" ) flag++;
    else if ( ver == "15.2(3)E" ) flag++;
    else if ( ver == "15.2(3)E1" ) flag++;
    else if ( ver == "15.2(3)E2" ) flag++;
    else if ( ver == "15.2(3)E2a" ) flag++;
    else if ( ver == "15.2(3)E3" ) flag++;
    else if ( ver == "15.2(3)EA" ) flag++;
    else if ( ver == "15.2(3)EA1" ) flag++;
    else if ( ver == "15.2(3)EX" ) flag++;
    else if ( ver == "15.2(3)GC" ) flag++;
    else if ( ver == "15.2(3)GC1" ) flag++;
    else if ( ver == "15.2(3)GCA" ) flag++;
    else if ( ver == "15.2(3)GCA1" ) flag++;
    else if ( ver == "15.2(3m)E2" ) flag++;
    else if ( ver == "15.2(3m)E3" ) flag++;
    else if ( ver == "15.2(3m)E5" ) flag++;
    else if ( ver == "15.2(3m)E6" ) flag++;
    else if ( ver == "15.2(3m)E7" ) flag++;
    else if ( ver == "15.2(3)T" ) flag++;
    else if ( ver == "15.2(3)T1" ) flag++;
    else if ( ver == "15.2(3)T2" ) flag++;
    else if ( ver == "15.2(3)T3" ) flag++;
    else if ( ver == "15.2(3)T4" ) flag++;
    else if ( ver == "15.2(3)XA" ) flag++;
    else if ( ver == "15.2(4)E" ) flag++;
    else if ( ver == "15.2(4)E1" ) flag++;
    else if ( ver == "15.2(4)E2" ) flag++;
    else if ( ver == "15.2(4)E3" ) flag++;
    else if ( ver == "15.2(4)EA" ) flag++;
    else if ( ver == "15.2(4)EA1" ) flag++;
    else if ( ver == "15.2(4)EA2" ) flag++;
    else if ( ver == "15.2(4)EA3" ) flag++;
    else if ( ver == "15.2(4)EA4" ) flag++;
    else if ( ver == "15.2(4)EB" ) flag++;
    else if ( ver == "15.2(4)EC" ) flag++;
    else if ( ver == "15.2(4)EC1" ) flag++;
    else if ( ver == "15.2(4)GC" ) flag++;
    else if ( ver == "15.2(4)GC1" ) flag++;
    else if ( ver == "15.2(4)GC2" ) flag++;
    else if ( ver == "15.2(4)GC3" ) flag++;
    else if ( ver == "15.2(4)M" ) flag++;
    else if ( ver == "15.2(4)M1" ) flag++;
    else if ( ver == "15.2(4)M10" ) flag++;
    else if ( ver == "15.2(4)M2" ) flag++;
    else if ( ver == "15.2(4)M3" ) flag++;
    else if ( ver == "15.2(4)M4" ) flag++;
    else if ( ver == "15.2(4)M5" ) flag++;
    else if ( ver == "15.2(4)M6" ) flag++;
    else if ( ver == "15.2(4)M6a" ) flag++;
    else if ( ver == "15.2(4)M6b" ) flag++;
    else if ( ver == "15.2(4)M7" ) flag++;
    else if ( ver == "15.2(4)M8" ) flag++;
    else if ( ver == "15.2(4)M9" ) flag++;
    else if ( ver == "15.2(4m)E1" ) flag++;
    else if ( ver == "15.2(4m)E3" ) flag++;
    else if ( ver == "15.2(4)S" ) flag++;
    else if ( ver == "15.2(4)S1" ) flag++;
    else if ( ver == "15.2(4)S2" ) flag++;
    else if ( ver == "15.2(4)S3" ) flag++;
    else if ( ver == "15.2(4)S3a" ) flag++;
    else if ( ver == "15.2(4)S4" ) flag++;
    else if ( ver == "15.2(4)S4a" ) flag++;
    else if ( ver == "15.2(4)S5" ) flag++;
    else if ( ver == "15.2(4)S6" ) flag++;
    else if ( ver == "15.2(4)S7" ) flag++;
    else if ( ver == "15.2(4)S8" ) flag++;
    else if ( ver == "15.2(4)XB10" ) flag++;
    else if ( ver == "15.2(4)XB11" ) flag++;
    else if ( ver == "15.2(5a)E" ) flag++;
    else if ( ver == "15.2(5b)E" ) flag++;
    else if ( ver == "15.2(5)E" ) flag++;
    else if ( ver == "15.2(5)E1" ) flag++;
    else if ( ver == "15.2(5)EA" ) flag++;
    else if ( ver == "15.3(0)SY" ) flag++;
    else if ( ver == "15.3(1)S" ) flag++;
    else if ( ver == "15.3(1)S1" ) flag++;
    else if ( ver == "15.3(1)S1e" ) flag++;
    else if ( ver == "15.3(1)S2" ) flag++;
    else if ( ver == "15.3(1)SY" ) flag++;
    else if ( ver == "15.3(1)SY1" ) flag++;
    else if ( ver == "15.3(1)T" ) flag++;
    else if ( ver == "15.3(1)T1" ) flag++;
    else if ( ver == "15.3(1)T2" ) flag++;
    else if ( ver == "15.3(1)T3" ) flag++;
    else if ( ver == "15.3(1)T4" ) flag++;
    else if ( ver == "15.3(2)S" ) flag++;
    else if ( ver == "15.3(2)S0a" ) flag++;
    else if ( ver == "15.3(2)S1" ) flag++;
    else if ( ver == "15.3(2)S2" ) flag++;
    else if ( ver == "15.3(2)T" ) flag++;
    else if ( ver == "15.3(2)T1" ) flag++;
    else if ( ver == "15.3(2)T2" ) flag++;
    else if ( ver == "15.3(2)T3" ) flag++;
    else if ( ver == "15.3(2)T4" ) flag++;
    else if ( ver == "15.3(3)M" ) flag++;
    else if ( ver == "15.3(3)M1" ) flag++;
    else if ( ver == "15.3(3)M2" ) flag++;
    else if ( ver == "15.3(3)M3" ) flag++;
    else if ( ver == "15.3(3)M4" ) flag++;
    else if ( ver == "15.3(3)M5" ) flag++;
    else if ( ver == "15.3(3)M6" ) flag++;
    else if ( ver == "15.3(3)M7" ) flag++;
    else if ( ver == "15.3(3)M8" ) flag++;
    else if ( ver == "15.3(3)S" ) flag++;
    else if ( ver == "15.3(3)S1" ) flag++;
    else if ( ver == "15.3(3)S1a" ) flag++;
    else if ( ver == "15.3(3)S2" ) flag++;
    else if ( ver == "15.3(3)S2a" ) flag++;
    else if ( ver == "15.3(3)S3" ) flag++;
    else if ( ver == "15.3(3)S4" ) flag++;
    else if ( ver == "15.3(3)S5" ) flag++;
    else if ( ver == "15.3(3)S6" ) flag++;
    else if ( ver == "15.3(3)S6a" ) flag++;
    else if ( ver == "15.3(3)S7" ) flag++;
    else if ( ver == "15.3(3)S8" ) flag++;
    else if ( ver == "15.3(3)XB12" ) flag++;
    else if ( ver == "15.4(1)CG" ) flag++;
    else if ( ver == "15.4(1)CG1" ) flag++;
    else if ( ver == "15.4(1)S" ) flag++;
    else if ( ver == "15.4(1)S1" ) flag++;
    else if ( ver == "15.4(1)S2" ) flag++;
    else if ( ver == "15.4(1)S3" ) flag++;
    else if ( ver == "15.4(1)S4" ) flag++;
    else if ( ver == "15.4(1)SY" ) flag++;
    else if ( ver == "15.4(1)SY1" ) flag++;
    else if ( ver == "15.4(1)T" ) flag++;
    else if ( ver == "15.4(1)T1" ) flag++;
    else if ( ver == "15.4(1)T2" ) flag++;
    else if ( ver == "15.4(1)T3" ) flag++;
    else if ( ver == "15.4(1)T4" ) flag++;
    else if ( ver == "15.4(2)CG" ) flag++;
    else if ( ver == "15.4(2)S" ) flag++;
    else if ( ver == "15.4(2)S1" ) flag++;
    else if ( ver == "15.4(2)S2" ) flag++;
    else if ( ver == "15.4(2)S3" ) flag++;
    else if ( ver == "15.4(2)S4" ) flag++;
    else if ( ver == "15.4(2)SN" ) flag++;
    else if ( ver == "15.4(2)SN1" ) flag++;
    else if ( ver == "15.4(2)T" ) flag++;
    else if ( ver == "15.4(2)T1" ) flag++;
    else if ( ver == "15.4(2)T2" ) flag++;
    else if ( ver == "15.4(2)T3" ) flag++;
    else if ( ver == "15.4(2)T4" ) flag++;
    else if ( ver == "15.4(3)M" ) flag++;
    else if ( ver == "15.4(3)M1" ) flag++;
    else if ( ver == "15.4(3)M2" ) flag++;
    else if ( ver == "15.4(3)M3" ) flag++;
    else if ( ver == "15.4(3)M4" ) flag++;
    else if ( ver == "15.4(3)M5" ) flag++;
    else if ( ver == "15.4(3)M6" ) flag++;
    else if ( ver == "15.4(3)S" ) flag++;
    else if ( ver == "15.4(3)S0d" ) flag++;
    else if ( ver == "15.4(3)S0e" ) flag++;
    else if ( ver == "15.4(3)S0f" ) flag++;
    else if ( ver == "15.4(3)S1" ) flag++;
    else if ( ver == "15.4(3)S2" ) flag++;
    else if ( ver == "15.4(3)S3" ) flag++;
    else if ( ver == "15.4(3)S4" ) flag++;
    else if ( ver == "15.4(3)S5" ) flag++;
    else if ( ver == "15.4(3)S5a" ) flag++;
    else if ( ver == "15.4(3)S6" ) flag++;
    else if ( ver == "15.4(3)S7" ) flag++;
    else if ( ver == "15.4(3)SN1" ) flag++;
    else if ( ver == "15.4(3)SN1a" ) flag++;
    else if ( ver == "15.4(3)SN2" ) flag++;
    else if ( ver == "15.5(1)S" ) flag++;
    else if ( ver == "15.5(1)S1" ) flag++;
    else if ( ver == "15.5(1)S2" ) flag++;
    else if ( ver == "15.5(1)S3" ) flag++;
    else if ( ver == "15.5(1)S4" ) flag++;
    else if ( ver == "15.5(1)SN" ) flag++;
    else if ( ver == "15.5(1)SN1" ) flag++;
    else if ( ver == "15.5(1)T" ) flag++;
    else if ( ver == "15.5(1)T1" ) flag++;
    else if ( ver == "15.5(1)T2" ) flag++;
    else if ( ver == "15.5(1)T3" ) flag++;
    else if ( ver == "15.5(1)T4" ) flag++;
    else if ( ver == "15.5(2)S" ) flag++;
    else if ( ver == "15.5(2)S1" ) flag++;
    else if ( ver == "15.5(2)S2" ) flag++;
    else if ( ver == "15.5(2)S3" ) flag++;
    else if ( ver == "15.5(2)S4" ) flag++;
    else if ( ver == "15.5(2)SN" ) flag++;
    else if ( ver == "15.5(2)SN0a" ) flag++;
    else if ( ver == "15.5(2)T" ) flag++;
    else if ( ver == "15.5(2)T1" ) flag++;
    else if ( ver == "15.5(2)T2" ) flag++;
    else if ( ver == "15.5(2)T3" ) flag++;
    else if ( ver == "15.5(2)T4" ) flag++;
    else if ( ver == "15.5(2)XB" ) flag++;
    else if ( ver == "15.5(3)M" ) flag++;
    else if ( ver == "15.5(3)M0a" ) flag++;
    else if ( ver == "15.5(3)M1" ) flag++;
    else if ( ver == "15.5(3)M2" ) flag++;
    else if ( ver == "15.5(3)M2a" ) flag++;
    else if ( ver == "15.5(3)M3" ) flag++;
    else if ( ver == "15.5(3)S" ) flag++;
    else if ( ver == "15.5(3)S0a" ) flag++;
    else if ( ver == "15.5(3)S1" ) flag++;
    else if ( ver == "15.5(3)S1a" ) flag++;
    else if ( ver == "15.5(3)S2" ) flag++;
    else if ( ver == "15.5(3)S2a" ) flag++;
    else if ( ver == "15.5(3)S2b" ) flag++;
    else if ( ver == "15.5(3)S3" ) flag++;
    else if ( ver == "15.5(3)S4b" ) flag++;
    else if ( ver == "15.5(3)SN" ) flag++;
    else if ( ver == "15.5(3)SN0a" ) flag++;
    else if ( ver == "15.6(1)S" ) flag++;
    else if ( ver == "15.6(1)S1" ) flag++;
    else if ( ver == "15.6(1)S1a" ) flag++;
    else if ( ver == "15.6(1)S2" ) flag++;
    else if ( ver == "15.6(1)SN" ) flag++;
    else if ( ver == "15.6(1)SN1" ) flag++;
    else if ( ver == "15.6(1)T" ) flag++;
    else if ( ver == "15.6(1)T0a" ) flag++;
    else if ( ver == "15.6(1)T1" ) flag++;
    else if ( ver == "15.6(1)T2" ) flag++;
    else if ( ver == "15.6(2)S" ) flag++;
    else if ( ver == "15.6(2)S0a" ) flag++;
    else if ( ver == "15.6(2)S1" ) flag++;
    else if ( ver == "15.6(2)SN" ) flag++;
    else if ( ver == "15.6(2)SP" ) flag++;
    else if ( ver == "15.6(2)SP1" ) flag++;
    else if ( ver == "15.6(2)T" ) flag++;
    else if ( ver == "15.6(2)T0a" ) flag++;
    else if ( ver == "15.6(2)T1" ) flag++;
    else if ( ver == "15.6(3)M" ) flag++;
    
    # Check that IKEv1 config or IKEv1 is running
    cmd_list = make_list();
    if (flag && get_kb_item("Host/local_checks_enabled"))
    {
      flag = 0;
    
      # Check for condition 1, IKEv1 config
      buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config","show running-config");
      if (check_cisco_result(buf))
      {
        if (
          "crypto gdoi" >< buf
          ||
          "crypto map" >< buf
          ||
          "tunnel protection ipsec" >< buf
        )
        {
          flag = 1;
          cmd_list = make_list("show running-config");
        }
      }
      else if (cisco_needs_enable(buf))
      {
        flag = 1;
        override = 1;
      }
    
      # Check for condition 2, IKEv1 is running
      if (flag)
      {
        flag = 0;
    
        pat = "(\d+.\d+.\d+.\d+|.*:.*|UNKNOWN|--any--)\s+(500|848|4500|4848)\s";
        buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_sockets","show ip sockets");
        if (!flag)
        {
          if (check_cisco_result(buf))
          {
            if (
              preg(multiline:TRUE, pattern:pat, string:buf)
            )
            {
              flag = 1;
              cmd_list = make_list(cmd_list, "show ip sockets");
            }
          }
          else if (cisco_needs_enable(buf))
          {
            flag = 1;
            override = 1;
          }
        }
    
        if (!flag)
        {
          buf = cisco_command_kb_item("Host/Cisco/Config/show_udp","show udp");
          if (check_cisco_result(buf))
          {
            if (
              preg(multiline:TRUE, pattern:pat, string:buf)
            )
            {
              flag = 1;
              cmd_list = make_list(cmd_list, "show udp");
            }
          }
          else if (cisco_needs_enable(buf))
          {
            flag = 1;
            override = 1;
          }
        }
      }
    }
    
    if (flag)
    {
      security_report_cisco(
        port     : 0,
        severity : SECURITY_WARNING,
        override : override,
        version  : ver,
        bug_id   : "CSCvb29204",
        cmds     : cmd_list
      );
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

The Hacker News

idTHN:425E35018D9F6A7EB2378DEB5FC8A65C
last seen2018-01-27
modified2016-09-20
published2016-09-19
reporterMohit Kumar
sourcehttps://thehackernews.com/2016/09/cisco-nsa-exploit.html
titleCisco finds new Zero-Day Exploit linked to NSA Hackers