Kaspersky LabKLA12145KLA12145 Multiple vulnerabilities in Microsoft Browser
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.492 Medium
EPSS
Percentile
97.5%
Detect date:
04/15/2021
Severity:
Warning
Description:
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface.
Affected products:
Microsoft Edge (Chromium-based)
Solution:
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Original advisories:
CVE-2021-21203
CVE-2021-21212
CVE-2021-21217
CVE-2021-21213
CVE-2021-21204
CVE-2021-21214
CVE-2021-21211
CVE-2021-21201
CVE-2021-21210
CVE-2021-21219
CVE-2021-21215
CVE-2021-21202
CVE-2021-21218
CVE-2021-21216
CVE-2021-21209
CVE-2021-21205
CVE-2021-21221
CVE-2021-21207
CVE-2021-21208
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2021-212166.5High
CVE-2021-212216.5High
CVE-2021-212019.6Critical
CVE-2021-212028.6Critical
CVE-2021-212096.5High
CVE-2021-212058.1Critical
CVE-2021-212138.8Critical
CVE-2021-212048.8Critical
CVE-2021-212106.5High
CVE-2021-212195.5High
CVE-2021-212038.8Critical
CVE-2021-212126.5High
CVE-2021-212116.5High
CVE-2021-212078.6Critical
CVE-2021-212156.5High
CVE-2021-212185.5High
CVE-2021-212148.8Critical
CVE-2021-212175.5High
CVE-2021-212086.5High
Microsoft official advisories:
References
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21201
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21202
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21203
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21204
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21205
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21207
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21208
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21209
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21210
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21211
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21212
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21213
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21214
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21215
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21216
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21217
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21218
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21219
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21221
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21211
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21219
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21221
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.492 Medium
EPSS
Percentile
97.5%