The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected by multiple vulnerabilities as referenced in the January 20, 2022 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(156916);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/06");
script_cve_id("CVE-2022-23258");
script_name(english:"Microsoft Edge (Chromium) < 97.0.1072.69 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.69. It is, therefore, affected
by multiple vulnerabilities as referenced in the January 20, 2022 advisory.
- Microsoft Edge for Android Spoofing Vulnerability. (CVE-2022-23258)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-20-2022
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c365598");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 97.0.1072.69 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23258");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/19");
script_set_attribute(attribute:"patch_publication_date", value:"2022/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/01/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '97.0.1072.69' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23258
www.nessus.org/u?4c365598
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0289
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0290
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0291
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0292
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0293
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0294
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0295
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0296
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0297
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0298
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0300
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0301
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0302
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0303
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0304
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0305
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0306
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0307
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0308
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0309
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0310
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0311