8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.0%
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the August 25, 2023 advisory.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741)
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4427)
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4428)
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429)
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430)
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4431)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(180197);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/06");
script_cve_id(
"CVE-2023-4427",
"CVE-2023-4428",
"CVE-2023-4429",
"CVE-2023-4430",
"CVE-2023-4431",
"CVE-2023-36741"
);
script_xref(name:"IAVA", value:"2023-A-0453-S");
script_name(english:"Microsoft Edge (Chromium) < 116.0.1938.62 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected
by multiple vulnerabilities as referenced in the August 25, 2023 advisory.
- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741)
- Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to
perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
(CVE-2023-4427)
- Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to
perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
(CVE-2023-4428)
- Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429)
- Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430)
- Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to
perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
(CVE-2023-4431)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#august-25-2023
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22854207");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4427");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4428");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4429");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4430");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4431");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 116.0.1938.62 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4430");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/22");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin", "smb_hotfixes.nasl");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var product_name = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows Server 2012" >< product_name)
audit(AUDIT_OS_SP_NOT_VULN);
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var extended = FALSE;
if (app_info['Channel'] == 'extended') extended = TRUE;
var constraints;
if (!extended) {
constraints = [
{ 'fixed_version' : '116.0.1938.62' }
];
} else {
audit(AUDIT_INST_VER_NOT_VULN, 'Microsoft Edge (Chromium)');
};
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4431
www.nessus.org/u?22854207
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4427
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4428
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4429
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4430
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4431
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
62.0%