The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149476);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/02");
script_cve_id(
"CVE-2021-30506",
"CVE-2021-30507",
"CVE-2021-30508",
"CVE-2021-30509",
"CVE-2021-30510",
"CVE-2021-30511",
"CVE-2021-30512",
"CVE-2021-30513",
"CVE-2021-30514",
"CVE-2021-30515",
"CVE-2021-30516",
"CVE-2021-30517",
"CVE-2021-30518",
"CVE-2021-30519",
"CVE-2021-30520"
);
script_name(english:"Microsoft Edge (Chromium) < 90.0.xxxxxx Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected
by multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue
but has instead relied only on the application's self-reported version number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-13-2021
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9cc1dc08");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30506");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30507");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30508");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30509");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30510");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30511");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30512");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30513");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30514");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30515");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30516");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30517");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30518");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30519");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30520");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 90.0.xxxxxx or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30520");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/10");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
constraints = [
{ 'fixed_version' : '90.0.xxxxxx' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30514
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30520
www.nessus.org/u?9cc1dc08
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30506
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30507
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30508
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30509
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30510
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30511
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30512
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30513
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30514
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30515
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30516
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30517
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30518
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30519
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30520