Vulnerabilities > CVE-2019-1858 - Improper Handling of Exceptional Conditions vulnerability in Cisco Nx-Os

047910
CVSS 8.6 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
CWE-755
nessus

Summary

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

Vulnerable Configurations

Part Description Count
OS
Cisco
875
Hardware
Cisco
138

Nessus

  • NASL familyCISCO
    NASL idCISCO-SA-20190515-FXOS-SNMP-DOS.NASL
    descriptionAccording to its self-reported version, Cisco FXOS Software is affected by a denial of service (DoS) vulnerability in the Simple Network Management Protocol (SNMP) input packet processor due to improper error handling when processing inbound SNMP packets. An unauthenticated, remote attacker can exploit this, by sending multiple crafted SNMP packets to an affected device, to cause the SNMP application to leak system memory and, eventually, restart, resulting in a DoS condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132241
    published2019-12-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132241
    titleCisco FXOS Software Simple Network Management Protocol DoS (cisco-sa-20190515-nxos-snmp-dos)
    code
    #TRUSTED 728344c49c4df19962d38b467d1239a2d11ca1eb165c20f3b73768c784b54bd4083feb7937051f95b68cbc71e3d66f7dac47704c7acefb422d4d54d316bc6effdc0fa0081c58672e2cf7c00e31775307ab655e2ce221d67a719872adbd163f3028652ec7ddcc87464f913827a23802aeb6f918c158e6d7dee4c9910301ce1af050fc9e2207107f8523df8ad45aa1fda6c1b747310329e2fb095d94886c9bd42a571f9139b48ab10c14c356ab82ce56b6b52dd464c87f490b4807d7ebd9a2331187b035612959992b047ceb73be75158d8c73c8c7a8b065d4df1afe79e88365bc796c82f2f65030db5604ad3ba681b2127bfc616021b606c8318ff30137c5560842b40381b487f9eb70963498c1eca53d19f24d207fc0a5a5bf7f9fa03861be4c156ad7a924cf0349abe416cfd46d729082edca7d00b5959cc7866dcd1b95d583915ff918180f224702d8285e86807545740352c70c5fb777bb02878b45875cf1f65f09be5f36ae45559c6fed035ee62a5412621347f7a8ad6e9876dccac3db44adf76ac4f0e16ba29cb51b45ce3fbf7f23014a368e7ee0c6199117552d0348a596be5e8cc5f2f2e41c754ffcc7b1f977ba8994ea7fc2705f3d970efe66916bcf16c875ca94b5b6c8550d38f66295757f53c3194724eed9b54d810f58ea3321b6cb8084e3e19404e5ec64ce771eae8894e9e6bcb9be46381ce9dbe3dca0fe4971
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132241);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2019-1858");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn19468");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20190515-nxos-snmp-dos");
      script_xref(name:"IAVA", value:"IAVA 2019-A-0173");
    
      script_name(english:"Cisco FXOS Software Simple Network Management Protocol DoS (cisco-sa-20190515-nxos-snmp-dos)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, Cisco FXOS Software is affected by a denial of service (DoS) vulnerability in
    the Simple Network Management Protocol (SNMP) input packet processor due to improper error handling when processing
    inbound SNMP packets. An unauthenticated, remote attacker can exploit this, by sending multiple crafted SNMP packets to
    an affected device, to cause the SNMP application to leak system memory and, eventually, restart, resulting in a DoS
    condition.
    
    Please see the included Cisco BIDs and Cisco Security Advisory for more information.
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?53871ca2");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn19468");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvn19468");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1858");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:fxos");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CISCO");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("cisco_enumerate_firepower.nbin", "cisco_asa_firepower_version.nasl");
      script_require_keys("installed_sw/FXOS");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('audit.inc');
    include('cisco_workarounds.inc');
    include('ccf.inc');
    
    app_info = vcf::get_app_info(app:'FXOS');
    # Get product_info to use Cisco functions for workaround check
    product_info = make_array('model' , app_info['Model'], 'version' , app_info['version'], 'name', 'FXOS');
    
    if(
      isnull(product_info['model']) ||
      product_info['model'] !~ "^(41|93)[0-9]{2}$"
    ) audit(AUDIT_HOST_NOT, "affected");
    
    
    vuln_ranges = [
      {'min_ver' : '0.0',  'fix_ver': '2.2(2.91)'},
      {'min_ver' : '2.3',  'fix_ver': '2.3(1.130)'},
      {'min_ver' : '2.4',  'fix_ver': '2.4(1.222)'},
      {'min_ver' : '2.6',  'fix_ver': '2.6(1.131)'}
    ];
    
    
    workarounds = make_list(CISCO_WORKAROUNDS['snmp']);
    workaround_params = make_list();
    
    reporting = make_array(
      'port'     , 0,
      'severity' , SECURITY_WARNING,
      'version'  , product_info['version'],
      'bug_id'   , 'CSCvn19468',
      'cmds'     , make_list('show running-config')
    );
    
    cisco::check_and_report(
      product_info:product_info,
      workarounds:workarounds,
      workaround_params:workaround_params,
      reporting:reporting,
      vuln_ranges:vuln_ranges
    );
    
  • NASL familyCISCO
    NASL idCISCO-SA-20190515-NXOS-SNMP-DOS.NASL
    descriptionAccording to its self-reported version, Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability in the Simple Network Management Protocol (SNMP) input packet processor due to improper error handling when processing inbound SNMP packets. An unauthenticated, remote attacker can exploit this, by sending multiple crafted SNMP packets to an affected device, to cause the SNMP application to leak system memory and, eventually, restart, resulting in a DoS condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132242
    published2019-12-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132242
    titleCisco NX-OS Software Simple Network Management Protocol DoS (cisco-sa-20190515-nxos-snmp-dos)
    code
    #TRUSTED 74c01dcc8e8d2d9a0a6fc55572707e843190b9264c0656d9d78d336c9dec843b9655351e70dc230097f27bbeeb42a5e88f5e9592b22dcbf65c8e38df541caa8654c072d7dee38c7d35283b7d3de5bb3bdea29f33b66aecc4c7e21f98db64a975bb0a5fbae166024ce28a1b23cf0e38f8c6aedf15eae407a636cceb18cb7db4c42c71d53beb5d98baf5a9b29d50a004e1296abc7f6cab3ae512d13cc170389b56f3f811576bb946ef647291a4721ebce73f25ee3b1a0ef18674656022c1b0a59ff2d0bfa8673135a1a7f7e733f8f12f6375b11aa56651ff00c21ac529da25f7f9dbc5808422d3079b60409c3c993019b2d3f498ef6264c8bafbfcbd00aaf211caa01c148936542e65d8d4b425c6bb2f2b9c8431fdd3031b37b962e96d4b180aa0cb6057634f8accb1a6961fdaeb67d569abe1183ea27fe43904f924ea42cadf5c2b98231acf2558ba8773ab7b49e460f7a8c0a4cff39e603d6889547460370e6ed4ea4d1f75b3c0957f07dc9fda58f32b3039059cbdca3b6778de8a91b8efe55d3816cbf230acd03cf753da0f6ca0072664730befee9084514953cdede8e00723b579df24c9d926b1f4a389426511b6622becd165631422014e688e6d12759a163c3cf57782d3ec250926677b186e5a2ae7c1cc681e197fc331e834c41720a4461cc651e867f3133b8a3cae3cd130783ca1a2c7d1f4560d477c9260650fd8577a
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132242);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28");
    
      script_cve_id("CVE-2019-1858");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvc58707");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvd45657");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn19457");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn19463");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn19464");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn19465");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn19483");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20190515-nxos-snmp-dos");
      script_xref(name:"IAVA", value:"2019-A-0173");
    
      script_name(english:"Cisco NX-OS Software Simple Network Management Protocol DoS (cisco-sa-20190515-nxos-snmp-dos)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability in
    the Simple Network Management Protocol (SNMP) input packet processor due to improper error handling when processing
    inbound SNMP packets. An unauthenticated, remote attacker can exploit this, by sending multiple crafted SNMP packets to
    an affected device, to cause the SNMP application to leak system memory and, eventually, restart, resulting in a DoS
    condition.
    
    Please see the included Cisco BIDs and Cisco Security Advisory for more information.
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?53871ca2");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc58707");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd45657");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn19457");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn19463");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn19464");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn19465");
      script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn19483");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvc58707, CSCvd45657, CSCvn19457, CSCvn19463,
    CSCvn19464, CSCvn19465, CSCvn19468, and CSCvn19483.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1858");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CISCO");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("cisco_nxos_version.nasl");
      script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device");
    
      exit(0);
    }
    include('audit.inc');
    include('cisco_workarounds.inc');
    include('ccf.inc');
    
    product_info = cisco::get_product_info(name:'Cisco NX-OS Software');
    
    cbi = '';
    
    if ('MDS' >< product_info.device && product_info.model =~ "^90[0-9]{2}")
      cbi = 'CSCvc58707';
    else if ('Nexus' >< product_info.device)
    {
      # Grouping 1000V together as it's not clear we distinguish VMware vSphere and Microsoft Hyper-V
      if (product_info.model =~ "^1000V")
        cbi = 'CSCvn19483, CSCvn19463';
      # We need to distinguish between Nexus 9000 Series Switches in ACI vs. NX-OS mode. From the Cisco Software Download
      # pages, it looks like ACI mode versions are always formatted like ab.c(dA) where abcd are integers and A is any
      # letter of the alphabet. NX-OS versions are never formatted like this.
      else if (product_info.model =~ "^90[0-9]{2}" && pregmatch(icase:TRUE, pattern: "[0-9]+\.[0-9]+\([0-9]+[A-Z]+\)", string:product_info.version))
        cbi = 'CSCvn19457';
      else if (product_info.model =~ "^9[0-9]{3}" || product_info.model =~ "^30[0-9]{2}")
        cbi = 'CSCvd45657';
      else if (product_info.model =~ '^35[0-9]{2}')
        cbi = 'CSCvn19464';
      else if (product_info.model =~ '^(55|56|60)[0-9]{2}')
        cbi = 'CSCvn19465';
      else if (product_info.model =~ '^7[07][0-9]{2}')
        cbi = 'CSCvc58707';
      else audit(AUDIT_HOST_NOT, 'affected');
    }
    else audit(AUDIT_HOST_NOT, 'affected');
    
    version_list=make_list(
      '5.0(2a)',
      '5.0(3)',
      '5.0(5)',
      '5.0(1a)',
      '5.0(1b)',
      '5.0(4)',
      '5.0(4b)',
      '5.0(4c)',
      '5.0(4d)',
      '5.0(7)',
      '5.0(8)',
      '5.0(8a)',
      '5.0(2)',
      '4.2(3)',
      '4.2(4)',
      '4.2(6)',
      '4.2(8)',
      '5.1(1)',
      '5.1(1a)',
      '5.1(3)',
      '5.1(4)',
      '5.1(5)',
      '5.1(6)',
      '5.1(2)',
      '5.2(1)',
      '5.2(3a)',
      '5.2(4)',
      '5.2(5)',
      '5.2(7)',
      '5.2(9)',
      '5.2(3)',
      '5.2(9a)',
      '5.2(2)',
      '5.2(2a)',
      '5.2(2d)',
      '5.2(2s)',
      '5.2(6)',
      '5.2(6b)',
      '5.2(8)',
      '5.2(8a)',
      '5.2(6a)',
      '5.2(8b)',
      '5.2(8c)',
      '5.2(8d)',
      '5.2(8e)',
      '5.2(8f)',
      '5.2(8g)',
      '5.2(8h)',
      '5.2(8i)',
      '6.1(1)',
      '6.1(2)',
      '6.1(3)',
      '6.1(4)',
      '6.1(4a)',
      '6.1(5)',
      '6.1(5a)',
      '4.0(0)N1(1a)',
      '4.0(0)N1(2)',
      '4.0(0)N1(2a)',
      '4.0(1a)N1(1)',
      '4.0(1a)N1(1a)',
      '4.0(1a)N2(1)',
      '4.0(1a)N2(1a)',
      '4.1(3)N1(1)',
      '4.1(3)N1(1a)',
      '4.1(3)N2(1)',
      '4.1(3)N2(1a)',
      '4.2(1)N1(1)',
      '4.2(1)N2(1)',
      '4.2(1)N2(1a)',
      '4.2(1)SV1(4)',
      '4.2(1)SV1(4a)',
      '4.2(1)SV1(4b)',
      '4.2(1)SV1(5.1)',
      '4.2(1)SV1(5.1a)',
      '4.2(1)SV1(5.2)',
      '4.2(1)SV1(5.2b)',
      '4.2(1)SV2(1.1)',
      '4.2(1)SV2(1.1a)',
      '4.2(1)SV2(2.1)',
      '4.2(1)SV2(2.1a)',
      '4.2(1)SV2(2.2)',
      '4.2(1)SV2(2.3)',
      '5.0(2)N1(1)',
      '5.0(2)N2(1)',
      '5.0(2)N2(1a)',
      '5.0(3)A1(1)',
      '5.0(3)A1(2)',
      '5.0(3)A1(2a)',
      '5.0(3)N1(1c)',
      '5.0(3)N1(1)',
      '5.0(3)N1(1a)',
      '5.0(3)N1(1b)',
      '5.0(3)N2(1)',
      '5.0(3)N2(2)',
      '5.0(3)N2(2a)',
      '5.0(3)N2(2b)',
      '5.0(3)U1(1)',
      '5.0(3)U1(1a)',
      '5.0(3)U1(1b)',
      '5.0(3)U1(1d)',
      '5.0(3)U1(2)',
      '5.0(3)U1(2a)',
      '5.0(3)U1(1c)',
      '5.0(3)U2(1)',
      '5.0(3)U2(2)',
      '5.0(3)U2(2a)',
      '5.0(3)U2(2b)',
      '5.0(3)U2(2c)',
      '5.0(3)U2(2d)',
      '5.0(3)U3(1)',
      '5.0(3)U3(2)',
      '5.0(3)U3(2a)',
      '5.0(3)U3(2b)',
      '5.0(3)U4(1)',
      '5.0(3)U5(1)',
      '5.0(3)U5(1a)',
      '5.0(3)U5(1b)',
      '5.0(3)U5(1c)',
      '5.0(3)U5(1d)',
      '5.0(3)U5(1e)',
      '5.0(3)U5(1f)',
      '5.0(3)U5(1g)',
      '5.0(3)U5(1h)',
      '5.0(3)U5(1i)',
      '5.0(3)U5(1j)',
      '5.1(3)N1(1)',
      '5.1(3)N1(1a)',
      '5.1(3)N2(1)',
      '5.1(3)N2(1a)',
      '5.1(3)N2(1b)',
      '5.1(3)N2(1c)',
      '5.2(1)N1(1)',
      '5.2(1)N1(1a)',
      '5.2(1)N1(1b)',
      '5.2(1)N1(2)',
      '5.2(1)N1(2a)',
      '5.2(1)N1(3)',
      '5.2(1)N1(4)',
      '5.2(1)N1(5)',
      '5.2(1)N1(6)',
      '5.2(1)N1(7)',
      '5.2(1)N1(8a)',
      '5.2(1)N1(8)',
      '5.2(1)N1(8b)',
      '5.2(1)N1(9)',
      '5.2(1)N1(9a)',
      '5.2(1)N1(9b)',
      '5.2(1)SM1(5.1)',
      '5.2(1)SM1(5.2)',
      '5.2(1)SM1(5.2a)',
      '5.2(1)SM1(5.2b)',
      '5.2(1)SM1(5.2c)',
      '5.2(1)SM3(1.1)',
      '5.2(1)SM3(1.1a)',
      '5.2(1)SM3(1.1b)',
      '5.2(1)SM3(1.1c)',
      '5.2(1)SV3(1.4)',
      '5.2(1)SV3(1.1)',
      '5.2(1)SV3(1.3)',
      '5.2(1)SV3(1.5a)',
      '5.2(1)SV3(1.5b)',
      '5.2(1)SV3(1.6)',
      '5.2(1)SV3(1.10)',
      '5.2(1)SV3(1.15)',
      '5.2(1)SV3(2.1)',
      '5.2(1)SV3(2.5)',
      '5.2(1)SV3(2.8)',
      '5.2(1)SV3(3.1)',
      '5.2(1)SV3(1.2)',
      '5.2(1)SV3(1.4b)',
      '5.2(1)SV3(3.15)',
      '5.2(1)SV3(4.1)',
      '5.2(1)SV3(1.3a)',
      '5.2(1)SV3(1.3b)',
      '5.2(1)SV3(1.3c)',
      '6.0(1)',
      '6.0(2)',
      '6.0(3)',
      '6.0(4)',
      '6.0(2)A1(1)',
      '6.0(2)A1(1a)',
      '6.0(2)A1(1b)',
      '6.0(2)A1(1c)',
      '6.0(2)A1(1d)',
      '6.0(2)A1(1e)',
      '6.0(2)A1(1f)',
      '6.0(2)A1(2d)',
      '6.0(2)A3(1)',
      '6.0(2)A3(2)',
      '6.0(2)A3(4)',
      '6.0(2)A4(1)',
      '6.0(2)A4(2)',
      '6.0(2)A4(3)',
      '6.0(2)A4(4)',
      '6.0(2)A4(5)',
      '6.0(2)A4(6)',
      '6.0(2)A6(1)',
      '6.0(2)A6(1a)',
      '6.0(2)A6(2)',
      '6.0(2)A6(2a)',
      '6.0(2)A6(3)',
      '6.0(2)A6(3a)',
      '6.0(2)A6(4)',
      '6.0(2)A6(4a)',
      '6.0(2)A6(5)',
      '6.0(2)A6(5a)',
      '6.0(2)A6(5b)',
      '6.0(2)A6(6)',
      '6.0(2)A6(7)',
      '6.0(2)A6(8)',
      '6.0(2)A7(1)',
      '6.0(2)A7(1a)',
      '6.0(2)A7(2)',
      '6.0(2)A7(2a)',
      '6.0(2)A8(1)',
      '6.0(2)A8(2)',
      '6.0(2)A8(3)',
      '6.0(2)N1(1)',
      '6.0(2)N1(2)',
      '6.0(2)N1(2a)',
      '6.0(2)N1(1a)',
      '6.0(2)N2(1)',
      '6.0(2)N2(1b)',
      '6.0(2)N2(2)',
      '6.0(2)N2(3)',
      '6.0(2)N2(4)',
      '6.0(2)N2(5)',
      '6.0(2)N2(5a)',
      '6.0(2)N2(6)',
      '6.0(2)N2(7)',
      '6.0(2)U1(1)',
      '6.0(2)U1(2)',
      '6.0(2)U1(1a)',
      '6.0(2)U1(3)',
      '6.0(2)U1(4)',
      '6.0(2)U2(1)',
      '6.0(2)U2(2)',
      '6.0(2)U2(3)',
      '6.0(2)U2(4)',
      '6.0(2)U2(5)',
      '6.0(2)U2(6)',
      '6.0(2)U3(1)',
      '6.0(2)U3(2)',
      '6.0(2)U3(3)',
      '6.0(2)U3(4)',
      '6.0(2)U3(5)',
      '6.0(2)U3(6)',
      '6.0(2)U3(7)',
      '6.0(2)U3(8)',
      '6.0(2)U3(9)',
      '6.0(2)U4(1)',
      '6.0(2)U4(2)',
      '6.0(2)U4(3)',
      '6.0(2)U4(4)',
      '6.0(2)U5(1)',
      '6.0(2)U5(2)',
      '6.0(2)U5(3)',
      '6.0(2)U5(4)',
      '6.0(2)U6(1)',
      '6.0(2)U6(2)',
      '6.0(2)U6(3)',
      '6.0(2)U6(4)',
      '6.0(2)U6(5)',
      '6.0(2)U6(6)',
      '6.0(2)U6(7)',
      '6.0(2)U6(8)',
      '6.0(2)U6(1a)',
      '6.0(2)U6(2a)',
      '6.0(2)U6(3a)',
      '6.0(2)U6(4a)',
      '6.0(2)U6(5a)',
      '6.0(2)U6(5b)',
      '6.0(2)U6(5c)',
      '6.0(2)U6(9)',
      '6.0(2)U6(10)',
      '6.1(2)I1(3)',
      '6.1(2)I1(1)',
      '6.1(2)I2(1)',
      '6.1(2)I2(2)',
      '6.1(2)I2(2a)',
      '6.1(2)I2(3)',
      '6.1(2)I2(2b)',
      '6.1(2)I3(1)',
      '6.1(2)I3(2)',
      '6.1(2)I3(3)',
      '6.1(2)I3(4)',
      '6.1(2)I3(3a)',
      '6.1(2)I3(4a)',
      '6.1(2)I3(4b)',
      '6.1(2)I3(4c)',
      '6.1(2)I3(4d)',
      '6.1(2)I3(4e)',
      '6.1(2)I3(5)',
      '6.1(2)I3(5a)',
      '6.1(2)I3(5b)',
      '6.2(2)',
      '6.2(2a)',
      '6.2(6)',
      '6.2(6b)',
      '6.2(8)',
      '6.2(8a)',
      '6.2(8b)',
      '6.2(10)',
      '6.2(12)',
      '6.2(18)',
      '6.2(16)',
      '6.2(14)',
      '6.2(6a)',
      '6.2(20)',
      '6.2(1)',
      '6.2(3)',
      '6.2(5)',
      '6.2(5a)',
      '6.2(5b)',
      '6.2(7)',
      '6.2(9)',
      '6.2(9a)',
      '6.2(9b)',
      '6.2(9c)',
      '6.2(20a)',
      '7.0(0)N1(1)',
      '7.0(1)N1(1)',
      '7.0(2)I2(2c)',
      '7.0(2)N1(1)',
      '7.0(3)F1(1)',
      '7.0(3)F2(1)',
      '7.0(3)F2(2)',
      '7.0(3)I1(1)',
      '7.0(3)I1(1a)',
      '7.0(3)I1(1b)',
      '7.0(3)I1(2)',
      '7.0(3)I1(3)',
      '7.0(3)I1(3a)',
      '7.0(3)I1(3b)',
      '7.0(3)I2(2a)',
      '7.0(3)I2(2b)',
      '7.0(3)I2(2c)',
      '7.0(3)I2(2d)',
      '7.0(3)I2(2e)',
      '7.0(3)I2(3)',
      '7.0(3)I2(4)',
      '7.0(3)I2(5)',
      '7.0(3)I2(1)',
      '7.0(3)I3(1)',
      '7.0(3)I4(1)',
      '7.0(3)I4(2)',
      '7.0(3)I4(3)',
      '7.0(3)I4(4)',
      '7.0(3)I4(5)',
      '7.0(3)I4(6)',
      '7.0(3)I4(7)',
      '7.0(3)I5(1)',
      '7.0(3)I5(2)',
      '7.0(3)I6(1)',
      '7.0(3)I6(2)',
      '7.0(3)I7(1)',
      '7.0(3)IX1(2)',
      '7.0(3)IX1(2a)',
      '7.0(3)N1(1)',
      '7.0(4)N1(1)',
      '7.0(5)N1(1)',
      '7.0(5)N1(1a)',
      '7.0(6)N1(1)',
      '7.0(7)N1(1)',
      '7.0(8)N1(1)',
      '7.1(0)N1(1a)',
      '7.1(0)N1(1b)',
      '7.1(0)N1(1)',
      '7.1(1)N1(1)',
      '7.1(2)N1(1)',
      '7.1(3)N1(1)',
      '7.1(3)N1(2)',
      '7.1(4)N1(1)',
      '7.1(5)N1(1)',
      '7.2(0)N1(1)',
      '7.2(1)N1(1)',
      '7.3(0)N1(1)',
      '7.3(1)N1(1)',
      '7.3(2)N1(1)',
      '7.3(3)N1(1)',
      '8.0(1)',
      '7.3(4)N1(1)',
      '11.0(1b)',
      '11.0(1c)',
      '11.0(1d)',
      '11.0(1e)',
      '11.0(2j)',
      '11.0(2m)',
      '11.0(3f)',
      '11.0(3i)',
      '11.0(3k)',
      '11.0(3n)',
      '11.0(3o)',
      '11.0(4h)',
      '11.0(4o)',
      '11.0(4q)',
      '11.1(1j)',
      '11.1(1o)',
      '11.1(1r)',
      '11.1(1s)',
      '11.1(2h)',
      '11.1(2i)',
      '11.1(3f)',
      '11.1(4e)',
      '11.1(4e)',
      '11.1(4f)',
      '11.1(4g)',
      '11.1(4i)',
      '11.1(4l)',
      '11.1(4m)',
      '11.2(1i)',
      '11.2(2g)',
      '11.2(3c)',
      '11.2(2h)',
      '11.2(2i)',
      '11.2(3e)',
      '11.2(3h)',
      '11.2(3m)',
      '11.2(1k)',
      '11.2(1m)',
      '11.2(2j)',
      '12.0(1m)',
      '12.0(2g)',
      '12.0(1n)',
      '12.0(1o)',
      '12.0(1p)',
      '12.0(1q)',
      '12.0(2h)',
      '12.0(2l)',
      '12.0(2m)',
      '12.0(2n)',
      '12.0(2o)',
      '12.0(2f)',
      '12.0(1r)',
      '12.1(1h)',
      '12.1(2e)',
      '12.1(3g)',
      '12.1(4a)',
      '12.1(1i)',
      '12.1(2g)',
      '12.1(2k)',
      '12.1(3h)',
      '12.1(3j)',
      '12.2(1n)',
      '12.2(2e)',
      '12.2(3j)',
      '12.2(4f)',
      '12.2(4p)',
      '12.2(3p)',
      '12.2(3r)',
      '12.2(3s)',
      '12.2(3t)',
      '12.2(2f)',
      '12.2(2g)',
      '12.2(2i)',
      '12.2(2j)',
      '12.2(2k)',
      '12.2(2q)',
      '12.2(1o)',
      '12.2(4q)',
      '12.2(4r)',
      '12.3(1e)',
      '12.3(1f)',
      '12.3(1i)',
      '12.3(1l)',
      '12.3(1o)',
      '12.3(1p)',
      '13.0(1k)',
      '13.0(2h)',
      '13.0(2k)',
      '13.0(2n)',
      '13.1(1i)',
      '13.1(2m)',
      '13.1(2o)',
      '13.1(2p)',
      '13.1(2q)',
      '13.1(2s)',
      '13.1(2t)',
      '13.2(1l)',
      '13.2(1m)',
      '13.2(2l)',
      '13.2(2o)',
      '13.2(3i)',
      '13.2(3n)',
      '13.2(3o)',
      '13.2(3r)',
      '13.2(4d)',
      '13.2(4e)',
      '11.3(1g)',
      '11.3(2f)',
      '11.3(1h)',
      '11.3(1i)',
      '11.3(2h)',
      '11.3(2i)',
      '11.3(2k)',
      '11.3(1j)',
      '11.3(2j)',
      '14.0(1h)'
    );
    
    workarounds = make_list(CISCO_WORKAROUNDS['snmp']);
    workaround_params = make_list();
    
    reporting = make_array(
      'port'     , 0,
      'severity' , SECURITY_WARNING,
      'version'  , product_info['version'],
      'bug_id'   , cbi,
      'cmds'     , make_list('show running-config')
    );
    
    cisco::check_and_report(
      product_info:product_info,
      workarounds:workarounds,
      workaround_params:workaround_params,
      reporting:reporting,
      vuln_versions:version_list,
      switch_only:TRUE
    );