cvelistv5 - cve-2020-9858

CVE-2020-9858 (GCVE-0-2020-9858)

Vulnerability from cvelistv5

Published

2020-06-09 16:18

Modified

2024-08-04 10:43

Severity ?

CWE

Running the installer in an untrusted directory may result in arbitrary code execution

Summary

References

URL

	Vendor	Product	Version
	Apple	Windows Migration Assistant	Version: unspecified < Windows Migration Assistant 2.2.0.0 (v. 1A11)

CERTFR-2020-AVI-321

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina versions antérieures à 10.15.5
Apple	N/A	iCloud pour Windows versions 11.x antérieures à 11.2
Apple	Safari	Safari versions antérieures à 13.1.1
Apple	N/A	iCloud pour Windows versions antérieures à 7.19
Apple	macOS	macOS Mojave sans le correctif de sécurité 2020-003
Apple	macOS	macOS High Sierra sans le correctif de sécurité 2020-003
Apple	N/A	Windows Migration Assistant versions antérieures à 2.2.0.0 (v. 1A11)

References

Title

Publication Time

ghsa-8v24-3r89-xw58

Vulnerability from github

Published

2022-05-24 17:19

Modified

2022-05-24 17:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9858"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-09T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution.",
  "id": "GHSA-8v24-3r89-xw58",
  "modified": "2022-05-24T17:19:46Z",
  "published": "2022-05-24T17:19:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9858"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211186"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2020-9858

Vulnerability from fkie_nvd

Published

2020-06-09 17:15

Modified

2024-11-21 05:41

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/HT211186	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211186	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	windows_migration_assistant	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:windows_migration_assistant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2304DE-B8E7-4F20-B032-258613626387",
              "versionEndExcluding": "2.2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de carga de la biblioteca din\u00e1mica con una b\u00fasqueda de ruta mejorada. Este problema es corregido en Windows Migration Assistant versi\u00f3n 2.2.0.0 (v. 1A11). Ejecutar el instalador en un directorio no confiable puede resultar en una ejecuci\u00f3n de c\u00f3digo arbitraria"
    }
  ],
  "id": "CVE-2020-9858",
  "lastModified": "2024-11-21T05:41:25.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T17:15:15.487",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211186"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2020-9858

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-9858

Aliases

CVE-2020-9858

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9858",
    "description": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution.",
    "id": "GSD-2020-9858"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9858"
      ],
      "details": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution.",
      "id": "GSD-2020-9858",
      "modified": "2023-12-13T01:21:52.896472Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-9858",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Windows Migration Assistant",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "Windows Migration Assistant 2.2.0.0 (v. 1A11)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Running the installer in an untrusted directory may result in arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT211186",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211186"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:windows_migration_assistant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9858"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211186",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211186"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-06-15T18:18Z",
      "publishedDate": "2020-06-09T17:15Z"
    }
  }
}

cnvd-2020-65926

Vulnerability from cnvd

Title

Apple Windows Migration Assistant Windows Installer组件动态库加载漏洞

Description

Apple Windows Migration Assistant是美国苹果（Apple）公司的一款支持将Windows系统中的数据迁移到Mac设备中的应用程序。Windows Installer是Apple Windows Migration Assistant的Windows安装程序。 Apple Windows Migration Assistant 2.2.0.0之前版本中的Windows Installer组件存在安全漏洞。攻击者可利用该漏洞执行任意代码。

Severity

中

Patch Name

Apple Windows Migration Assistant Windows Installer组件动态库加载漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT211186

Reference

http://support.apple.com/kb/HT211186

Impacted products

Name
Apple Windows Migration Assistant <2.2.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9858"
    }
  },
  "description": "Apple Windows Migration Assistant\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u652f\u6301\u5c06Windows\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u8fc1\u79fb\u5230Mac\u8bbe\u5907\u4e2d\u7684\u5e94\u7528\u7a0b\u5e8f\u3002Windows Installer\u662fApple Windows Migration Assistant\u7684Windows\u5b89\u88c5\u7a0b\u5e8f\u3002\n\nApple Windows Migration Assistant 2.2.0.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684Windows Installer\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT211186",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-65926",
  "openTime": "2020-11-24",
  "patchDescription": "Apple Windows Migration Assistant\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u652f\u6301\u5c06Windows\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u8fc1\u79fb\u5230Mac\u8bbe\u5907\u4e2d\u7684\u5e94\u7528\u7a0b\u5e8f\u3002Windows Installer\u662fApple Windows Migration Assistant\u7684Windows\u5b89\u88c5\u7a0b\u5e8f\u3002\r\n\r\nApple Windows Migration Assistant 2.2.0.0\u4e4b\u524d\u7248\u672c\u4e2d\u7684Windows Installer\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple Windows Migration Assistant Windows Installer\u7ec4\u4ef6\u52a8\u6001\u5e93\u52a0\u8f7d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple  Windows Migration Assistant \u003c2.2.0.0"
  },
  "referenceLink": "http://support.apple.com/kb/HT211186",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-28",
  "title": "Apple Windows Migration Assistant Windows Installer\u7ec4\u4ef6\u52a8\u6001\u5e93\u52a0\u8f7d\u6f0f\u6d1e"
}

var-202006-1645

Vulnerability from variot

A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. Windows Migration Assistant There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker could exploit this vulnerability to execute arbitrary code. 1A11) may be obtained from: https://support.apple.com/HT204087 -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64

iQIcBAEDCAAGBQJezV7HAAoJEAc+Lhnt8tDNSw4P/j8sU2LQwEfqyLYryJ8Au/dv +ex17R8IFIDrmUikPsS0Ox0DqWhJDOTqGdL4JPDSnw2G6jqVQTZ7iCsSBS10CwBU 04U83/2ikYCraJlgOfA8KM4VFZEvgLPCh9DjApPYX07XwzJgGts3crLKKvcERD+2 C6hLKFZfwwXZm3Io49QjfmOOrDVYgGJ0LAtgtQN3AVZ4JaORjlPznPHBQzpe1Psv dOzxHO3Y6Jp2ihWfkomMWR4H+g3QGlFmNjJBveR0qds/i34GFmp61Ue/KDQ+KfXS 6XurJqa/tm4lIXU7k+Zm2TsRJVZxkNo3KSPQO3p13ZQ838aHfwHePwH1BB0aS9fB bDULYENPjYWFptn9Y2WEa/jEFDmfA2cEhIZZIUotqiyXZRQOlDOVYUn94i57QiJ+ 8wJeAXqU1CLfa/NKELq2J7LGwLtSaa5q+1ujcJvt8hsQDr3LcdhMDePg3AO1EYne G6by3d8J24lhpDd417CC9IKoQoiaiNEaBis7zAuLL59MWFeVlAc+hfEfX93GEqEb 0w0pP54PLYyCfZ+fCEAtxkoTTh6two9i9wrZphyreecv8wPFZKuPFKTpFnWbaKSn D3ihzYEafeoSpLeLzHxKIjqFBWTanMBUYj3jl6084iN7JiQqVbgYy/9P0fMl/e3Z 36QnwPreBpPcH4AeCrJM =mt7z -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1645",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "windows migration assistant",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2.0.0"
      },
      {
        "model": "windows migration assistant",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2.0.0 (v.1a11)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:windows_migration_assistant",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157882"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-9858",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2020-9858",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006554",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-187983",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-9858",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006554",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-9858",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006554",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-1263",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-187983",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. Windows Migration Assistant There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker could exploit this vulnerability to execute arbitrary code. 1A11) may be obtained from:\nhttps://support.apple.com/HT204087\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7HAAoJEAc+Lhnt8tDNSw4P/j8sU2LQwEfqyLYryJ8Au/dv\n+ex17R8IFIDrmUikPsS0Ox0DqWhJDOTqGdL4JPDSnw2G6jqVQTZ7iCsSBS10CwBU\n04U83/2ikYCraJlgOfA8KM4VFZEvgLPCh9DjApPYX07XwzJgGts3crLKKvcERD+2\nC6hLKFZfwwXZm3Io49QjfmOOrDVYgGJ0LAtgtQN3AVZ4JaORjlPznPHBQzpe1Psv\ndOzxHO3Y6Jp2ihWfkomMWR4H+g3QGlFmNjJBveR0qds/i34GFmp61Ue/KDQ+KfXS\n6XurJqa/tm4lIXU7k+Zm2TsRJVZxkNo3KSPQO3p13ZQ838aHfwHePwH1BB0aS9fB\nbDULYENPjYWFptn9Y2WEa/jEFDmfA2cEhIZZIUotqiyXZRQOlDOVYUn94i57QiJ+\n8wJeAXqU1CLfa/NKELq2J7LGwLtSaa5q+1ujcJvt8hsQDr3LcdhMDePg3AO1EYne\nG6by3d8J24lhpDd417CC9IKoQoiaiNEaBis7zAuLL59MWFeVlAc+hfEfX93GEqEb\n0w0pP54PLYyCfZ+fCEAtxkoTTh6two9i9wrZphyreecv8wPFZKuPFKTpFnWbaKSn\nD3ihzYEafeoSpLeLzHxKIjqFBWTanMBUYj3jl6084iN7JiQqVbgYy/9P0fMl/e3Z\n36QnwPreBpPcH4AeCrJM\n=mt7z\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9858"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "db": "PACKETSTORM",
        "id": "157882"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9858",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "157882",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1871",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-65926",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-187983",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "PACKETSTORM",
        "id": "157882"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "id": "VAR-202006-1645",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187983"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:16:26.718000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211186",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT211186"
      },
      {
        "title": "HT211186",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT211186"
      },
      {
        "title": "Apple Windows Migration Assistant Windows Installer Fixes for component code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121610"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211186"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9858"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9858"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1871/"
      },
      {
        "trust": 0.6,
        "url": "http://support.apple.com/en-us/ht211186"
      },
      {
        "trust": 0.6,
        "url": "http://support.apple.com/kb/ht211186"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157882/apple-security-advisory-2020-05-26-11.html"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204087"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "PACKETSTORM",
        "id": "157882"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "db": "PACKETSTORM",
        "id": "157882"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "date": "2020-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "date": "2020-05-29T19:06:14",
        "db": "PACKETSTORM",
        "id": "157882"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      },
      {
        "date": "2020-06-09T17:15:15.487000",
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187983"
      },
      {
        "date": "2020-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      },
      {
        "date": "2024-11-21T05:41:25.317000",
        "db": "NVD",
        "id": "CVE-2020-9858"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows Migration Assistant Vulnerability in uncontrolled search path elements in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006554"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-1263"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-9858 (GCVE-0-2020-9858)

Vulnerability from cvelistv5

CERTFR-2020-AVI-321

Vulnerability from certfr_avis

Solution

ghsa-8v24-3r89-xw58

Vulnerability from github

fkie_cve-2020-9858

Vulnerability from fkie_nvd

gsd-2020-9858

Vulnerability from gsd

cnvd-2020-65926

Vulnerability from cnvd

var-202006-1645

Vulnerability from variot

Tags

Sightings

Nomenclature