Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.MICROSOFT_EDGE_CHROMIUM_97_0_1072_69.NASLHistoryJan 20, 2022 - 12:00 a.m.
Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities
2022-01-2000:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected by multiple vulnerabilities as referenced in the January 20, 2022 advisory.
- Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(156916);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/06");
script_cve_id("CVE-2022-23258");
script_name(english:"Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected
by multiple vulnerabilities as referenced in the January 20, 2022 advisory.
- Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-20-2022
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c365598");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 97.0.1072.69 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23258");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/19");
script_set_attribute(attribute:"patch_publication_date", value:"2022/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/01/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '97.0.1072.69' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23258
www.nessus.org/u?4c365598
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311
Related
nessus
nessus
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0019-1)
2022-01-26 00:00:00
Google Chrome < 97.0.4692.99 Multiple Vulnerabilities
2022-01-19 00:00:00
Google Chrome < 97.0.4692.99 Multiple Vulnerabilities
2022-01-19 00:00:00
osv
osv
chromium - security update
2022-01-23 00:00:00
debian
debian
[SECURITY] [DSA 5054-1] chromium security update
2022-01-23 16:33:08
chrome
chrome
Stable Channel Update for Desktop
2022-01-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5054-1)
2022-01-26 00:00:00
Mageia: Security Advisory (MGASA-2022-0043)
2022-02-09 00:00:00
openSUSE: Security Advisory for opera (openSUSE-SU-2022:0110-1)
2024-03-04 00:00:00
kaspersky
kaspersky
KLA12430 Multiple vulnerabilities in Microsoft Browser
2022-01-20 00:00:00
KLA12433 Security UI vulnerability in Microsoft Browser
2022-01-21 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-01-19 00:00:00
suse
suse
Security update for chromium (important)
2022-01-24 00:00:00
Security update for opera (important)
2022-02-21 00:00:00
Security update for opera (important)
2022-04-08 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-02-03 00:29:30
mscve
mscve
Microsoft Edge for Android Spoofing Vulnerability
2022-01-21 08:00:00
Chromium: CVE-2022-0303 Race in GPU Watchdog
2022-01-20 08:00:00
Chromium: CVE-2022-0298 Use after free in Scheduling
2022-01-20 08:00:00
hackerone
hackerone
Brave Software: UXss on brave browser via scan QR Code
2023-02-22 21:53:12
prion
prion
cve
cve
veracode
veracode
Denial Of Service (DoS)
2022-01-23 23:17:00
Denial Of Service (DoS)
2022-01-23 23:15:26
Use After Free
2022-01-23 23:01:05
redhatcve
redhatcve
cnvd
cnvd
Google Chrome Resource Management Error Vulnerability (CNVD-2022-15157)
2022-01-24 00:00:00
Google Chrome Security Feature Issue Vulnerability (CNVD-2022-15154)
2022-01-24 00:00:00
Google Chrome has an unspecified vulnerability (CNVD-2022-15143)
2022-01-25 00:00:00
debiancve
debiancve
alpinelinux
alpinelinux
ubuntucve
ubuntucve
malwarebytes
malwarebytes
Update now! Chrome patches critical RCE vulnerability in Safe Browsing
2022-01-20 20:32:26
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2022-01-31 00:00:00
Related for MICROSOFT_EDGE_CHROMIUM_97_0_1072_69.NASL