The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected by multiple vulnerabilities as referenced in the March 4, 2021 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(147192);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id(
"CVE-2020-27844",
"CVE-2021-21159",
"CVE-2021-21160",
"CVE-2021-21161",
"CVE-2021-21162",
"CVE-2021-21163",
"CVE-2021-21164",
"CVE-2021-21165",
"CVE-2021-21166",
"CVE-2021-21167",
"CVE-2021-21168",
"CVE-2021-21169",
"CVE-2021-21170",
"CVE-2021-21171",
"CVE-2021-21172",
"CVE-2021-21173",
"CVE-2021-21174",
"CVE-2021-21175",
"CVE-2021-21176",
"CVE-2021-21177",
"CVE-2021-21178",
"CVE-2021-21179",
"CVE-2021-21180",
"CVE-2021-21181",
"CVE-2021-21182",
"CVE-2021-21183",
"CVE-2021-21184",
"CVE-2021-21185",
"CVE-2021-21186",
"CVE-2021-21187",
"CVE-2021-21188",
"CVE-2021-21189",
"CVE-2021-21190"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
script_name(english:"Microsoft Edge (Chromium) < 89.0.774.45 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 89.0.774.45. It is, therefore, affected
by multiple vulnerabilities as referenced in the March 4, 2021 advisory.
- A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an
attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds
write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system
availability. (CVE-2020-27844)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-4-2021
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b2e30009");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-27844");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21159");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21160");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21161");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21162");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21163");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21164");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21165");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21166");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21167");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21168");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21169");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21170");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21171");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21172");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21173");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21174");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21175");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21176");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21177");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21178");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21179");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21180");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21181");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21182");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21183");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21184");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21185");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21186");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21187");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21188");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21189");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21190");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 89.0.774.45 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27844");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-21190");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/05");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
constraints = [
{ 'fixed_version' : '89.0.774.45' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21165
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21170
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21171
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21178
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21181
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21183
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21185
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21186
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21190
www.nessus.org/u?b2e30009
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-27844
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21159
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21160
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21161
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21162
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21163
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21164
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21165
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21166
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21167
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21168
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21169
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21170
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21171
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21172
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21173
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21174
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21175
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21176
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21177
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21178
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21179
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21180
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21181
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21182
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21183
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21184
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21185
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21186
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21187
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21188
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21189
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21190