www.tenable.com
Open in
urlscan Pro
2606:4700::6810:3105
Public Scan
URL:
https://www.tenable.com/plugins/nessus/208710
Submission: On November 13 via api from IN — Scanned from DE
Submission: On November 13 via api from IN — Scanned from DE
Form analysis
0 forms found in the DOMText Content
* * Plugins * Settings LINKS Tenable Cloud Tenable Community & Support Tenable University Severity VPRCVSS v2CVSS v3CVSS v4 Theme LightDarkAuto Help * * Plugins OverviewPlugins PipelineNewestUpdatedSearchNessus FamiliesWAS FamiliesNNM FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin FamiliesRelease Notes * Audits OverviewNewestUpdatedSearch Audit FilesSearch ItemsReferencesAuthoritiesDocumentationDownload All Audit Files * Indicators OverviewSearchIndicators of AttackIndicators of Exposure * CVEs OverviewNewestUpdatedSearch * Attack Path Techniques OverviewSearch * Links Tenable CloudTenable Community & SupportTenable University * Settings Severity VPRCVSS v2CVSS v3CVSS v4 Theme LightDarkAuto DETECTIONS * Plugins OverviewPlugins PipelineRelease NotesNewestUpdatedSearchNessus FamiliesWAS FamiliesNNM FamiliesLCE FamiliesTenable OT Security FamiliesAbout Plugin Families * Audits OverviewNewestUpdatedSearch Audit FilesSearch ItemsReferencesAuthoritiesDocumentationDownload All Audit Files * Indicators OverviewSearchIndicators of AttackIndicators of Exposure ANALYTICS * CVEs OverviewNewestUpdatedSearch * Attack Path Techniques OverviewSearch 1. Plugins 2. Nessus 3. 208710 1. Nessus MICROSOFT EDGE (CHROMIUM) < 129.0.2792.89 MULTIPLE VULNERABILITIES HIGH NESSUS PLUGIN ID 208710 Language: English 日本語简体中文繁體中文English * Information * Dependencies * Dependents * Changelog SYNOPSIS The remote host has an web browser installed that is affected by multiple vulnerabilities. DESCRIPTION The version of Microsoft Edge installed on the remote Windows host is prior to 129.0.2792.89. It is, therefore, affected by multiple vulnerabilities as referenced in the October 10, 2024 advisory. - Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2024-9602) - Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-9603) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. SOLUTION Upgrade to Microsoft Edge version 129.0.2792.89 or later. SEE ALSO http://www.nessus.org/u?e8753453 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9602 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9603 PLUGIN DETAILS Severity: High ID: 208710 File Name: microsoft_edge_chromium_129_0_2792_89.nasl Version: 1.1 Type: local Agent: windows Family: Windows Published: 10/10/2024 Updated: 10/10/2024 Supported Sensors: Nessus Agent, Nessus RISK INFORMATION VPR Risk Factor: Medium Score: 6.7 CVSS V2 Risk Factor: Medium Base Score: 6.8 Temporal Score: 5 Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P CVSS Score Source: CVE-2024-9603 CVSS V3 Risk Factor: High Base Score: 8.8 Temporal Score: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C VULNERABILITY INFORMATION CPE: cpe:/a:microsoft:edge Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Edge (Chromium) Exploit Ease: No known exploits are available Patch Publication Date: 10/10/2024 Vulnerability Publication Date: 10/8/2024 REFERENCE INFORMATION CVE: CVE-2024-9602, CVE-2024-9603 * Tenable.com * Community & Support * Documentation * Education * © 2024 Tenable®, Inc. All Rights Reserved * Privacy Policy * Legal * 508 Compliance