Kaspersky LabKLA12351KLA12351 Multiple vulnerabilities in Microsoft Browser
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
Detect date:
11/19/2021
Severity:
Warning
Description:
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information.
Affected products:
Microsoft Edge (Chromium-based)
Microsoft Edge for iOS
Solution:
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Original advisories:
CVE-2021-38011
CVE-2021-38019
CVE-2021-38009
CVE-2021-38010
CVE-2021-38015
CVE-2021-38012
CVE-2021-42308
CVE-2021-43220
CVE-2021-43221
CVE-2021-38006
CVE-2021-38007
CVE-2021-38022
CVE-2021-38013
CVE-2021-38018
CVE-2021-38017
CVE-2021-38020
CVE-2021-38021
CVE-2021-38008
CVE-2021-38005
CVE-2021-38016
CVE-2021-38014
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2021-380118.8Critical
CVE-2021-380106.5High
CVE-2021-380128.8Critical
CVE-2021-380196.5High
CVE-2021-380068.8Critical
CVE-2021-380088.8Critical
CVE-2021-380216.5High
CVE-2021-380058.8Critical
CVE-2021-380158.8Critical
CVE-2021-380178.8Critical
CVE-2021-380139.6Critical
CVE-2021-380204.3Warning
CVE-2021-380168.8Critical
CVE-2021-380148.8Critical
CVE-2021-380078.8Critical
CVE-2021-380096.5High
CVE-2021-380186.5High
CVE-2021-380226.5High
CVE-2021-423083.1Warning
CVE-2021-432203.1Warning
CVE-2021-432214.2Warning
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43220
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43221
nvd.nist.gov/vuln/detail/CVE-2021-38005
nvd.nist.gov/vuln/detail/CVE-2021-38006
nvd.nist.gov/vuln/detail/CVE-2021-38007
nvd.nist.gov/vuln/detail/CVE-2021-38008
nvd.nist.gov/vuln/detail/CVE-2021-38009
nvd.nist.gov/vuln/detail/CVE-2021-38010
nvd.nist.gov/vuln/detail/CVE-2021-38011
nvd.nist.gov/vuln/detail/CVE-2021-38012
nvd.nist.gov/vuln/detail/CVE-2021-38013
nvd.nist.gov/vuln/detail/CVE-2021-38014
nvd.nist.gov/vuln/detail/CVE-2021-38015
nvd.nist.gov/vuln/detail/CVE-2021-38016
nvd.nist.gov/vuln/detail/CVE-2021-38017
nvd.nist.gov/vuln/detail/CVE-2021-38018
nvd.nist.gov/vuln/detail/CVE-2021-38019
nvd.nist.gov/vuln/detail/CVE-2021-38020
nvd.nist.gov/vuln/detail/CVE-2021-38021
nvd.nist.gov/vuln/detail/CVE-2021-38022
nvd.nist.gov/vuln/detail/CVE-2021-42308
nvd.nist.gov/vuln/detail/CVE-2021-43220
nvd.nist.gov/vuln/detail/CVE-2021-43221
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%