CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
88.0%
The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected by multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152004);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/07");
script_cve_id(
"CVE-2021-30565",
"CVE-2021-30566",
"CVE-2021-30567",
"CVE-2021-30568",
"CVE-2021-30569",
"CVE-2021-30571",
"CVE-2021-30572",
"CVE-2021-30573",
"CVE-2021-30574",
"CVE-2021-30575",
"CVE-2021-30576",
"CVE-2021-30577",
"CVE-2021-30578",
"CVE-2021-30579",
"CVE-2021-30580",
"CVE-2021-30581",
"CVE-2021-30582",
"CVE-2021-30583",
"CVE-2021-30584",
"CVE-2021-30585",
"CVE-2021-30586",
"CVE-2021-30587",
"CVE-2021-30588",
"CVE-2021-30589"
);
script_xref(name:"IAVA", value:"2021-A-0346-S");
script_name(english:"Microsoft Edge (Chromium) < 92.0.902.55 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 92.0.902.55. It is, therefore, affected
by multiple vulnerabilities as referenced in the July 22, 2021 advisory. Note that Nessus has not tested for this issue
but has instead relied only on the application's self-reported version number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-22-2021
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc471fea");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30565");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30566");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30567");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30568");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30569");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30571");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30572");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30573");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30574");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30575");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30576");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30577");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30578");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30579");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30580");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30581");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30582");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30583");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30584");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30585");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30586");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30587");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30588");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30589");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36929");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36931");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 92.0.902.55 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30588");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-30571");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/20");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
constraints = [
{ 'fixed_version' : '92.0.902.55' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30578
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30579
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30580
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30589
www.nessus.org/u?dc471fea
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30565
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30566
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30567
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30568
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30569
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30571
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30572
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30573
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30574
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30575
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30576
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30577
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30578
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30579
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30580
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30581
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30582
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30583
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30584
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30585
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30586
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30587
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30588
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30589
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36928
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36929
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36931
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
88.0%