Kaspersky LabKLA12243KLA12243 Multiple vulnerabilities in Microsoft Browser
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.01 Low
EPSS
Percentile
83.3%
Detect date:
07/22/2021
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions, obtain sensitive information, perform cross-site scripting attack, spoof user interface.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Microsoft Edge (Chromium-based)
Solution:
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Original advisories:
CVE-2021-30572
CVE-2021-30578
CVE-2021-30576
CVE-2021-36928
CVE-2021-30581
CVE-2021-30579
CVE-2021-30569
CVE-2021-30577
CVE-2021-36929
CVE-2021-30573
CVE-2021-30589
CVE-2021-30583
CVE-2021-30566
CVE-2021-30587
CVE-2021-30567
CVE-2021-36931
CVE-2021-30582
CVE-2021-30585
CVE-2021-30580
CVE-2021-30568
CVE-2021-30575
CVE-2021-30574
CVE-2021-30586
CVE-2021-30584
CVE-2021-30565
CVE-2021-30571
CVE-2021-30588
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2021-305719.6Critical
CVE-2021-305818.8Critical
CVE-2021-305777.8Critical
CVE-2021-305658.8Critical
CVE-2021-305868.8Critical
CVE-2021-305836.5High
CVE-2021-305874.3Warning
CVE-2021-305688.8Critical
CVE-2021-305826.5High
CVE-2021-305846.5High
CVE-2021-305758.8Critical
CVE-2021-305738.8Critical
CVE-2021-305768.8Critical
CVE-2021-305728.8Critical
CVE-2021-305678.8Critical
CVE-2021-305748.8Critical
CVE-2021-305798.8Critical
CVE-2021-305668.8Critical
CVE-2021-305698.8Critical
CVE-2021-305806.5High
CVE-2021-305894.3Warning
CVE-2021-305788.8Critical
CVE-2021-305888.8Critical
CVE-2021-305858.8Critical
CVE-2021-369286.0High
CVE-2021-369296.3High
CVE-2021-369314.4Warning
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30578
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30579
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30580
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36931
nvd.nist.gov/vuln/detail/CVE-2021-30565
nvd.nist.gov/vuln/detail/CVE-2021-30566
nvd.nist.gov/vuln/detail/CVE-2021-30567
nvd.nist.gov/vuln/detail/CVE-2021-30568
nvd.nist.gov/vuln/detail/CVE-2021-30569
nvd.nist.gov/vuln/detail/CVE-2021-30571
nvd.nist.gov/vuln/detail/CVE-2021-30572
nvd.nist.gov/vuln/detail/CVE-2021-30573
nvd.nist.gov/vuln/detail/CVE-2021-30574
nvd.nist.gov/vuln/detail/CVE-2021-30575
nvd.nist.gov/vuln/detail/CVE-2021-30576
nvd.nist.gov/vuln/detail/CVE-2021-30577
nvd.nist.gov/vuln/detail/CVE-2021-30578
nvd.nist.gov/vuln/detail/CVE-2021-30579
nvd.nist.gov/vuln/detail/CVE-2021-30580
nvd.nist.gov/vuln/detail/CVE-2021-30581
nvd.nist.gov/vuln/detail/CVE-2021-30582
nvd.nist.gov/vuln/detail/CVE-2021-30583
nvd.nist.gov/vuln/detail/CVE-2021-30584
nvd.nist.gov/vuln/detail/CVE-2021-30585
nvd.nist.gov/vuln/detail/CVE-2021-30586
nvd.nist.gov/vuln/detail/CVE-2021-30587
nvd.nist.gov/vuln/detail/CVE-2021-30588
nvd.nist.gov/vuln/detail/CVE-2021-30589
nvd.nist.gov/vuln/detail/CVE-2021-36928
nvd.nist.gov/vuln/detail/CVE-2021-36929
nvd.nist.gov/vuln/detail/CVE-2021-36931
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.01 Low
EPSS
Percentile
83.3%