The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2336.0. It is, therefore, affected by multiple vulnerabilities as referenced in the January 11, 2024 advisory.
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0333)
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675)
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(187966);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/11");
script_cve_id(
"CVE-2024-0333",
"CVE-2024-20675",
"CVE-2024-20709",
"CVE-2024-20721",
"CVE-2024-21337"
);
script_name(english:"Microsoft Edge (Chromium) < 120.0.2336.0 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2336.0. It is, therefore, affected
by multiple vulnerabilities as referenced in the January 11, 2024 advisory.
- Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in
a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security
severity: High) (CVE-2024-0333)
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675)
- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-11-2024
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3844aad0");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 120.0.2336.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20675");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/09");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin", "smb_hotfixes.nasl");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var product_name = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows Server 2012" >< product_name)
audit(AUDIT_OS_SP_NOT_VULN);
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var extended = FALSE;
if (app_info['Channel'] == 'extended') extended = TRUE;
var constraints;
if (!extended) {
constraints = [
{ 'fixed_version' : '120.0.2336.0' }
];
} else {
audit(AUDIT_INST_VER_NOT_VULN, 'Microsoft Edge (Chromium)');
};
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0333
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20709
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21337
www.nessus.org/u?3844aad0
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0333
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20675
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21337