Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.MICROSOFT_EDGE_CHROMIUM_98_0_1108_43.NASL
HistoryFeb 03, 2022 - 12:00 a.m.

Microsoft Edge (Chromium) < 98.0.1108.43 Multiple Vulnerabilities

2022-02-0300:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.43. It is, therefore, affected by multiple vulnerabilities as referenced in the February 3, 2022 advisory.

  • Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. (CVE-2022-23263)

  • Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. (CVE-2022-23262)

  • Microsoft Edge (Chromium-based) Tampering Vulnerability. (CVE-2022-23261)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(157369);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/06");

  script_cve_id("CVE-2022-23261", "CVE-2022-23262", "CVE-2022-23263");

  script_name(english:"Microsoft Edge (Chromium) < 98.0.1108.43 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 98.0.1108.43. It is, therefore, affected
by multiple vulnerabilities as referenced in the February 3, 2022 advisory.

  - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from
    CVE-2022-23262. (CVE-2022-23263)

  - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from
    CVE-2022-23263. (CVE-2022-23262)

  - Microsoft Edge (Chromium-based) Tampering Vulnerability. (CVE-2022-23261)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-3-2022
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c8cf985b");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23261");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23262");
  script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23263");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 98.0.1108.43 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23262");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-23263");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_edge_chromium_installed.nbin");
  script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
  { 'fixed_version' : '98.0.1108.43' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
microsoftedgecpe:/a:microsoft:edge

Related

kaspersky 1
mscve 3
cvelist 3
cnvd 3
cve 3
prion 3
openvas 1
rapid7blog 1
kaspersky
kaspersky
KLA12451 Multiple vulnerabilities in Microsoft Browser
2022-02-03 00:00:00
mscve
mscve
Microsoft Edge (Chromium-based) Tampering Vulnerability
2022-02-03 08:00:00
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2022-02-03 08:00:00
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2022-02-03 08:00:00
cvelist
cvelist
Microsoft Edge (Chromium-based) Tampering Vulnerability
2022-02-07 17:10:12
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2022-02-07 17:10:13
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2022-02-07 17:10:15
cnvd
cnvd
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60123)
2022-02-10 00:00:00
Microsoft Edge (Chromium-based) 篡改漏洞(CNVD-2022-60124)
2022-02-10 00:00:00
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60125)
2022-02-10 00:00:00
cve
cve
CVE-2022-23262
2022-02-07 17:15:00
CVE-2022-23261
2022-02-07 17:15:00
CVE-2022-23263
2022-02-07 17:15:00
prion
prion
Privilege escalation
2022-02-07 17:15:00
Design/Logic Flaw
2022-02-07 17:15:00
Privilege escalation
2022-02-07 17:15:00
openvas
openvas
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Feb 2022)
2022-02-04 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2022
2022-02-08 20:43:40
JSON
Related for MICROSOFT_EDGE_CHROMIUM_98_0_1108_43.NASL
kaspersky1mscve3cvelist3cnvd3cve3prion3openvas1rapid7blog1