Lucene search

Kaspersky LabKLA12049

HistoryJan 21, 2021 - 12:00 a.m.

KLA12049 Multiple vulnerabilities in Microsoft Browsers

2021-01-2100:00:00

Kaspersky Lab

threats.kaspersky.com

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.2%

JSON

Detect date:

01/21/2021

Severity:

Warning

Description:

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface.

Affected products:

Microsoft Edge (Chromium-based)

Solution:

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings

Original advisories:

CVE-2021-21120
CVE-2021-21128
CVE-2021-21135
CVE-2021-21123
CVE-2021-21130
CVE-2021-21126
CVE-2021-21125
CVE-2021-21136
CVE-2021-21141
CVE-2021-21124
CVE-2021-21119
CVE-2021-21140
CVE-2021-21122
CVE-2021-21121
CVE-2021-21127
CVE-2021-21137
CVE-2021-21129
CVE-2021-21139
CVE-2020-16044
CVE-2021-21132
CVE-2021-21134
CVE-2021-21118
CVE-2021-21133
CVE-2021-21131

Impacts:

ACE

Related products:

Microsoft Edge

CVE-IDS:

Microsoft official advisories:

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16044

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21118

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21119

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21120

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21121

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21122

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21123

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21124

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21125

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21126

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21127

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21128

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21129

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21130

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21131

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21132

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21133

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21134

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21135

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21136

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21137

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21139

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21140

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21141

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16044

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21118

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21119

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21120

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21121

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21122

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21123

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21124

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21125

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21126

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21127

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21128

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21129

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21130

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21131

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21132

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21133

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21134

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21135

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21136

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21137

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21139

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21140

portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21141

portal.msrc.microsoft.com/en-us/security-guidance

statistics.securelist.com/vulnerability-scan/month

support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1

threats.kaspersky.com/en/product/Microsoft-Edge/

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.2%

JSON