var-202006-1645
Vulnerability from variot
A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. Windows Migration Assistant There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker could exploit this vulnerability to execute arbitrary code. 1A11) may be obtained from: https://support.apple.com/HT204087 -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7HAAoJEAc+Lhnt8tDNSw4P/j8sU2LQwEfqyLYryJ8Au/dv +ex17R8IFIDrmUikPsS0Ox0DqWhJDOTqGdL4JPDSnw2G6jqVQTZ7iCsSBS10CwBU 04U83/2ikYCraJlgOfA8KM4VFZEvgLPCh9DjApPYX07XwzJgGts3crLKKvcERD+2 C6hLKFZfwwXZm3Io49QjfmOOrDVYgGJ0LAtgtQN3AVZ4JaORjlPznPHBQzpe1Psv dOzxHO3Y6Jp2ihWfkomMWR4H+g3QGlFmNjJBveR0qds/i34GFmp61Ue/KDQ+KfXS 6XurJqa/tm4lIXU7k+Zm2TsRJVZxkNo3KSPQO3p13ZQ838aHfwHePwH1BB0aS9fB bDULYENPjYWFptn9Y2WEa/jEFDmfA2cEhIZZIUotqiyXZRQOlDOVYUn94i57QiJ+ 8wJeAXqU1CLfa/NKELq2J7LGwLtSaa5q+1ujcJvt8hsQDr3LcdhMDePg3AO1EYne G6by3d8J24lhpDd417CC9IKoQoiaiNEaBis7zAuLL59MWFeVlAc+hfEfX93GEqEb 0w0pP54PLYyCfZ+fCEAtxkoTTh6two9i9wrZphyreecv8wPFZKuPFKTpFnWbaKSn D3ihzYEafeoSpLeLzHxKIjqFBWTanMBUYj3jl6084iN7JiQqVbgYy/9P0fMl/e3Z 36QnwPreBpPcH4AeCrJM =mt7z -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1645",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "windows migration assistant",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.0.0"
},
{
"model": "windows migration assistant",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.0.0 (v.1a11)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:windows_migration_assistant",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-9858",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006554",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-187983",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-9858",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006554",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006554",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1263",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187983",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. Windows Migration Assistant There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker could exploit this vulnerability to execute arbitrary code. 1A11) may be obtained from:\nhttps://support.apple.com/HT204087\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7HAAoJEAc+Lhnt8tDNSw4P/j8sU2LQwEfqyLYryJ8Au/dv\n+ex17R8IFIDrmUikPsS0Ox0DqWhJDOTqGdL4JPDSnw2G6jqVQTZ7iCsSBS10CwBU\n04U83/2ikYCraJlgOfA8KM4VFZEvgLPCh9DjApPYX07XwzJgGts3crLKKvcERD+2\nC6hLKFZfwwXZm3Io49QjfmOOrDVYgGJ0LAtgtQN3AVZ4JaORjlPznPHBQzpe1Psv\ndOzxHO3Y6Jp2ihWfkomMWR4H+g3QGlFmNjJBveR0qds/i34GFmp61Ue/KDQ+KfXS\n6XurJqa/tm4lIXU7k+Zm2TsRJVZxkNo3KSPQO3p13ZQ838aHfwHePwH1BB0aS9fB\nbDULYENPjYWFptn9Y2WEa/jEFDmfA2cEhIZZIUotqiyXZRQOlDOVYUn94i57QiJ+\n8wJeAXqU1CLfa/NKELq2J7LGwLtSaa5q+1ujcJvt8hsQDr3LcdhMDePg3AO1EYne\nG6by3d8J24lhpDd417CC9IKoQoiaiNEaBis7zAuLL59MWFeVlAc+hfEfX93GEqEb\n0w0pP54PLYyCfZ+fCEAtxkoTTh6two9i9wrZphyreecv8wPFZKuPFKTpFnWbaKSn\nD3ihzYEafeoSpLeLzHxKIjqFBWTanMBUYj3jl6084iN7JiQqVbgYy/9P0fMl/e3Z\n36QnwPreBpPcH4AeCrJM\n=mt7z\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "PACKETSTORM",
"id": "157882"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9858",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "157882",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1871",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-65926",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187983",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"id": "VAR-202006-1645",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:16:26.718000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211186",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211186"
},
{
"title": "HT211186",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211186"
},
{
"title": "Apple Windows Migration Assistant Windows Installer Fixes for component code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121610"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht211186"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9858"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9858"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1871/"
},
{
"trust": 0.6,
"url": "http://support.apple.com/en-us/ht211186"
},
{
"trust": 0.6,
"url": "http://support.apple.com/kb/ht211186"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157882/apple-security-advisory-2020-05-26-11.html"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204087"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187983"
},
{
"date": "2020-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"date": "2020-05-29T19:06:14",
"db": "PACKETSTORM",
"id": "157882"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1263"
},
{
"date": "2020-06-09T17:15:15.487000",
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-187983"
},
{
"date": "2020-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1263"
},
{
"date": "2024-11-21T05:41:25.317000",
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows Migration Assistant Vulnerability in uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…