Lucene search

K
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.MICROSOFT_EDGE_CHROMIUM_107_0_1418_24.NASL
HistoryOct 27, 2022 - 12:00 a.m.

Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities

2022-10-2700:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
59
microsoft edge
chromium
vulnerabilities
type confusion
heap buffer overflow
use after free
insufficient data validation
file system
extensions
full screen mode
media galleries

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.9%

The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2022 advisory.

  • Type Confusion in V8. (CVE-2022-3652)

  • Heap buffer overflow in Vulkan. (CVE-2022-3653)

  • Use after free in Layout. (CVE-2022-3654)

  • Heap buffer overflow in Media Galleries. (CVE-2022-3655)

  • Insufficient data validation in File System. (CVE-2022-3656)

  • Use after free in Extensions. (CVE-2022-3657)

  • Inappropriate implementation in Full screen mode. (CVE-2022-3660)

  • Insufficient data validation in Extensions. (CVE-2022-3661)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(166629);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/28");

  script_cve_id(
    "CVE-2022-3652",
    "CVE-2022-3653",
    "CVE-2022-3654",
    "CVE-2022-3655",
    "CVE-2022-3656",
    "CVE-2022-3657",
    "CVE-2022-3660",
    "CVE-2022-3661"
  );
  script_xref(name:"IAVA", value:"2022-A-0446-S");
  script_xref(name:"IAVA", value:"2022-A-0454-S");

  script_name(english:"Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected
by multiple vulnerabilities as referenced in the October 27, 2022 advisory.

  - Type Confusion in V8. (CVE-2022-3652)

  - Heap buffer overflow in Vulkan. (CVE-2022-3653)

  - Use after free in Layout. (CVE-2022-3654)

  - Heap buffer overflow in Media Galleries. (CVE-2022-3655)

  - Insufficient data validation in File System. (CVE-2022-3656)

  - Use after free in Extensions. (CVE-2022-3657)

  - Inappropriate implementation in Full screen mode. (CVE-2022-3660)

  - Insufficient data validation in Extensions. (CVE-2022-3661)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-27-2022
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57027261");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3652");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3653");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3654");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3655");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3656");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3657");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3660");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3661");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 107.0.1418.24 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3657");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_edge_chromium_installed.nbin");
  script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
  { 'fixed_version' : '107.0.1418.24' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.9%