The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(150138);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id(
"CVE-2021-30521",
"CVE-2021-30522",
"CVE-2021-30523",
"CVE-2021-30524",
"CVE-2021-30525",
"CVE-2021-30526",
"CVE-2021-30527",
"CVE-2021-30528",
"CVE-2021-30529",
"CVE-2021-30530",
"CVE-2021-30531",
"CVE-2021-30532",
"CVE-2021-30533",
"CVE-2021-30534",
"CVE-2021-30535",
"CVE-2021-30536",
"CVE-2021-30537",
"CVE-2021-30538",
"CVE-2021-30539",
"CVE-2021-30540"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/07/18");
script_name(english:"Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected
by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue
but has instead relied only on the application's self-reported version number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-27-2021
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0c14a42a");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 91.0.864.37 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30535");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/25");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
constraints = [
{ 'fixed_version' : '91.0.864.37' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30524
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30536
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30540
www.nessus.org/u?0c14a42a
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937
msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982