The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(148693);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/10");
script_cve_id(
"CVE-2021-21201",
"CVE-2021-21202",
"CVE-2021-21203",
"CVE-2021-21204",
"CVE-2021-21205",
"CVE-2021-21207",
"CVE-2021-21208",
"CVE-2021-21209",
"CVE-2021-21210",
"CVE-2021-21211",
"CVE-2021-21212",
"CVE-2021-21213",
"CVE-2021-21214",
"CVE-2021-21215",
"CVE-2021-21216",
"CVE-2021-21217",
"CVE-2021-21218",
"CVE-2021-21219",
"CVE-2021-21221"
);
script_name(english:"Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected
by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue
but has instead relied only on the application's self-reported version number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-15-2021
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de6e5227");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 90.0.818.39 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21214");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-21201");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/04/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
constraints = [
{ 'fixed_version' : '90.0.818.39' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21211
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21219
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21221
www.nessus.org/u?de6e5227
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221