VAR-202006-1645
Vulnerability from variot - Updated: 2023-12-18 12:56A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. Windows Migration Assistant There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker could exploit this vulnerability to execute arbitrary code. 1A11) may be obtained from: https://support.apple.com/HT204087 -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7HAAoJEAc+Lhnt8tDNSw4P/j8sU2LQwEfqyLYryJ8Au/dv +ex17R8IFIDrmUikPsS0Ox0DqWhJDOTqGdL4JPDSnw2G6jqVQTZ7iCsSBS10CwBU 04U83/2ikYCraJlgOfA8KM4VFZEvgLPCh9DjApPYX07XwzJgGts3crLKKvcERD+2 C6hLKFZfwwXZm3Io49QjfmOOrDVYgGJ0LAtgtQN3AVZ4JaORjlPznPHBQzpe1Psv dOzxHO3Y6Jp2ihWfkomMWR4H+g3QGlFmNjJBveR0qds/i34GFmp61Ue/KDQ+KfXS 6XurJqa/tm4lIXU7k+Zm2TsRJVZxkNo3KSPQO3p13ZQ838aHfwHePwH1BB0aS9fB bDULYENPjYWFptn9Y2WEa/jEFDmfA2cEhIZZIUotqiyXZRQOlDOVYUn94i57QiJ+ 8wJeAXqU1CLfa/NKELq2J7LGwLtSaa5q+1ujcJvt8hsQDr3LcdhMDePg3AO1EYne G6by3d8J24lhpDd417CC9IKoQoiaiNEaBis7zAuLL59MWFeVlAc+hfEfX93GEqEb 0w0pP54PLYyCfZ+fCEAtxkoTTh6two9i9wrZphyreecv8wPFZKuPFKTpFnWbaKSn D3ihzYEafeoSpLeLzHxKIjqFBWTanMBUYj3jl6084iN7JiQqVbgYy/9P0fMl/e3Z 36QnwPreBpPcH4AeCrJM =mt7z -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1645",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "windows migration assistant",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.0.0"
},
{
"model": "windows migration assistant",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.0.0 (v.1a11)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:windows_migration_assistant:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006554",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-187983",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006554",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006554",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1263",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187983",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. Windows Migration Assistant There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker could exploit this vulnerability to execute arbitrary code. 1A11) may be obtained from:\nhttps://support.apple.com/HT204087\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7HAAoJEAc+Lhnt8tDNSw4P/j8sU2LQwEfqyLYryJ8Au/dv\n+ex17R8IFIDrmUikPsS0Ox0DqWhJDOTqGdL4JPDSnw2G6jqVQTZ7iCsSBS10CwBU\n04U83/2ikYCraJlgOfA8KM4VFZEvgLPCh9DjApPYX07XwzJgGts3crLKKvcERD+2\nC6hLKFZfwwXZm3Io49QjfmOOrDVYgGJ0LAtgtQN3AVZ4JaORjlPznPHBQzpe1Psv\ndOzxHO3Y6Jp2ihWfkomMWR4H+g3QGlFmNjJBveR0qds/i34GFmp61Ue/KDQ+KfXS\n6XurJqa/tm4lIXU7k+Zm2TsRJVZxkNo3KSPQO3p13ZQ838aHfwHePwH1BB0aS9fB\nbDULYENPjYWFptn9Y2WEa/jEFDmfA2cEhIZZIUotqiyXZRQOlDOVYUn94i57QiJ+\n8wJeAXqU1CLfa/NKELq2J7LGwLtSaa5q+1ujcJvt8hsQDr3LcdhMDePg3AO1EYne\nG6by3d8J24lhpDd417CC9IKoQoiaiNEaBis7zAuLL59MWFeVlAc+hfEfX93GEqEb\n0w0pP54PLYyCfZ+fCEAtxkoTTh6two9i9wrZphyreecv8wPFZKuPFKTpFnWbaKSn\nD3ihzYEafeoSpLeLzHxKIjqFBWTanMBUYj3jl6084iN7JiQqVbgYy/9P0fMl/e3Z\n36QnwPreBpPcH4AeCrJM\n=mt7z\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "PACKETSTORM",
"id": "157882"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9858",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "157882",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1871",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-65926",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187983",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"id": "VAR-202006-1645",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:00.609000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211186",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211186"
},
{
"title": "HT211186",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211186"
},
{
"title": "Apple Windows Migration Assistant Windows Installer Fixes for component code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121610"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht211186"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9858"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9858"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1871/"
},
{
"trust": 0.6,
"url": "http://support.apple.com/en-us/ht211186"
},
{
"trust": 0.6,
"url": "http://support.apple.com/kb/ht211186"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157882/apple-security-advisory-2020-05-26-11.html"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204087"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187983"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"db": "PACKETSTORM",
"id": "157882"
},
{
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187983"
},
{
"date": "2020-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"date": "2020-05-29T19:06:14",
"db": "PACKETSTORM",
"id": "157882"
},
{
"date": "2020-06-09T17:15:15.487000",
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-187983"
},
{
"date": "2020-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006554"
},
{
"date": "2020-06-15T18:18:57.167000",
"db": "NVD",
"id": "CVE-2020-9858"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows Migration Assistant Vulnerability in uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006554"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1263"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…