Kaspersky LabKLA12107KLA12107 Multiple vulnerabilities in Microsoft Browser
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
8.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
0.036 Low
EPSS
Percentile
91.5%
Detect date:
03/04/2021
Severity:
Warning
Description:
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Microsoft Edge (Chromium-based)
Solution:
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Original advisories:
CVE-2021-21190
CVE-2021-21184
CVE-2021-21189
CVE-2021-21159
CVE-2021-21174
CVE-2021-21175
CVE-2021-21169
CVE-2021-21163
CVE-2021-21178
CVE-2021-21166
CVE-2021-21171
CVE-2021-21164
CVE-2020-27844
CVE-2021-21160
CVE-2021-21188
CVE-2021-21173
CVE-2021-21182
CVE-2021-21165
CVE-2021-21183
CVE-2021-21161
CVE-2021-21167
CVE-2021-21177
CVE-2021-21176
CVE-2021-21180
CVE-2021-21170
CVE-2021-21172
CVE-2021-21179
CVE-2021-21181
CVE-2021-21186
CVE-2021-21162
CVE-2021-21185
CVE-2021-21187
CVE-2021-21168
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-278447.8Critical
CVE-2021-211598.8Critical
CVE-2021-211608.8Critical
CVE-2021-211618.8Critical
CVE-2021-211628.8Critical
CVE-2021-211636.5High
CVE-2021-211646.5High
CVE-2021-211658.8Critical
CVE-2021-211668.8Critical
CVE-2021-211678.8Critical
CVE-2021-211686.5High
CVE-2021-211698.8Critical
CVE-2021-211706.5High
CVE-2021-211716.5High
CVE-2021-211728.1Critical
CVE-2021-211736.5High
CVE-2021-211748.8Critical
CVE-2021-211756.5High
CVE-2021-211766.5High
CVE-2021-211776.5High
CVE-2021-211786.5High
CVE-2021-211798.8Critical
CVE-2021-211808.8Critical
CVE-2021-211816.5High
CVE-2021-211826.5High
CVE-2021-211834.3Warning
CVE-2021-211844.3Warning
CVE-2021-211854.3Warning
CVE-2021-211864.3Warning
CVE-2021-211874.3Warning
CVE-2021-211888.8Critical
CVE-2021-211894.3Warning
CVE-2021-211908.8Critical
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21165
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21170
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21171
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21178
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21181
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21183
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21185
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21186
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21190
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-27844
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21159
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21160
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21161
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21162
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21163
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21164
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21165
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21166
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21167
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21168
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21169
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21170
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21171
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21172
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21173
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21174
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21175
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21176
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21177
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21178
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21179
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21180
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21181
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21182
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21183
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21184
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21185
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21186
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21187
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21188
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21189
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2021-21190
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
8.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
0.036 Low
EPSS
Percentile
91.5%