Lucene search

K
kasperskyKaspersky LabKLA12329
HistoryOct 21, 2021 - 12:00 a.m.

KLA12329 Multiple vulnerability in Microsoft Browser

2021-10-2100:00:00
Kaspersky Lab
threats.kaspersky.com
10

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%

Detect date:

10/21/2021

Severity:

Warning

Description:

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.

Affected products:

Microsoft Edge (Chromium-based)

Solution:

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings

Original advisories:

CVE-2021-37982
CVE-2021-37981
CVE-2021-37996
CVE-2021-37993
CVE-2021-37988
CVE-2021-37984
CVE-2021-37989
CVE-2021-37990
CVE-2021-37987
CVE-2021-37986
CVE-2021-37983
CVE-2021-37992
CVE-2021-37995
CVE-2021-42307
CVE-2021-37994
CVE-2021-37991
CVE-2021-37985

Impacts:

ACE

Related products:

Microsoft Edge

CVE-IDS:

CVE-2021-379868.8Critical
CVE-2021-379848.8Critical
CVE-2021-379938.8Critical
CVE-2021-379819.6Critical
CVE-2021-379858.8Critical
CVE-2021-379956.5High
CVE-2021-379917.5Critical
CVE-2021-379838.8Critical
CVE-2021-379896.5High
CVE-2021-379888.8Critical
CVE-2021-379905.5High
CVE-2021-379946.5High
CVE-2021-379828.8Critical
CVE-2021-379965.5High
CVE-2021-379928.8Critical
CVE-2021-379878.8Critical
CVE-2021-423074.3Warning

Microsoft official advisories:

References

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.9%