ID

VAR-202006-1645


CVE

CVE-2020-9858


TITLE

Uncontrolled search path element vulnerability in Windows Migration Assistant

Trust: 0.8

sources: JVNDB: JVNDB-2020-006554

DESCRIPTION

A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. Windows Migration Assistant contains an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. An attacker could exploit this vulnerability to execute arbitrary code. Windows Migration Assistant 2.2.0.0 (v. 1A11) may be obtained from: https://support.apple.com/HT204087

Trust: 1.8

sources: NVD: CVE-2020-9858 // JVNDB: JVNDB-2020-006554 // VULHUB: VHN-187983 // PACKETSTORM: 157882

AFFECTED PRODUCTS

vendor: apple
model: windows migration assistant
scope: lt
version: 2.2.0.0

Trust: 1.0

vendor: apple
model: windows migration assistant
scope: eq
version: 2.2.0.0 (v.1a11)

Trust: 0.8

sources: JVNDB: JVNDB-2020-006554 // NVD: CVE-2020-9858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9858
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006554
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-1263
value: HIGH

Trust: 0.6

VULHUB: VHN-187983
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9858
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006554
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187983
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9858
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006554
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187983 // JVNDB: JVNDB-2020-006554 // CNNVD: CNNVD-202005-1263 // NVD: CVE-2020-9858

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-187983 // JVNDB: JVNDB-2020-006554 // NVD: CVE-2020-9858

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1263

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-1263

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006554

PATCH

title: HT211186
url: https://support.apple.com/en-us/HT211186

Trust: 0.8

title: HT211186
url: https://support.apple.com/ja-jp/HT211186

Trust: 0.8

title: Apple Windows Migration Assistant Windows Installer Fixes for component code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121610

Trust: 0.6

sources: JVNDB: JVNDB-2020-006554 // CNNVD: CNNVD-202005-1263

EXTERNAL IDS

db: NVD, id: CVE-2020-9858

Trust: 2.6

db: PACKETSTORM, id: 157882

Trust: 0.8

db: JVNDB, id: JVNDB-2020-006554

Trust: 0.8

db: CNNVD, id: CNNVD-202005-1263

Trust: 0.7

db: AUSCERT, id: ESB-2020.1871

Trust: 0.6

db: CNVD, id: CNVD-2020-65926

Trust: 0.1

db: VULHUB, id: VHN-187983

Trust: 0.1

sources: VULHUB: VHN-187983 // JVNDB: JVNDB-2020-006554 // PACKETSTORM: 157882 // CNNVD: CNNVD-202005-1263 // NVD: CVE-2020-9858

REFERENCES

url:https://support.apple.com/ht211186

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9858

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9858

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1871/

Trust: 0.6

url:http://support.apple.com/en-us/ht211186

Trust: 0.6

url:http://support.apple.com/kb/ht211186

Trust: 0.6

url:https://packetstormsecurity.com/files/157882/apple-security-advisory-2020-05-26-11.html

Trust: 0.6

url:https://support.apple.com/ht204087

Trust: 0.1

sources: VULHUB: VHN-187983 // JVNDB: JVNDB-2020-006554 // PACKETSTORM: 157882 // CNNVD: CNNVD-202005-1263 // NVD: CVE-2020-9858

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 157882 // CNNVD: CNNVD-202005-1263

SOURCES

db: VULHUB, id: VHN-187983
db: JVNDB, id: JVNDB-2020-006554
db: PACKETSTORM, id: 157882
db: CNNVD, id: CNNVD-202005-1263
db: NVD, id: CVE-2020-9858

LAST UPDATE DATE

2024-11-23T22:16:26.718000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187983, date: 2020-06-15T00:00:00
db: JVNDB, id: JVNDB-2020-006554, date: 2020-07-10T00:00:00
db: CNNVD, id: CNNVD-202005-1263, date: 2021-10-29T00:00:00
db: NVD, id: CVE-2020-9858, date: 2024-11-21T05:41:25.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187983, date: 2020-06-09T00:00:00
db: JVNDB, id: JVNDB-2020-006554, date: 2020-07-10T00:00:00
db: PACKETSTORM, id: 157882, date: 2020-05-29T19:06:14
db: CNNVD, id: CNNVD-202005-1263, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2020-9858, date: 2020-06-09T17:15:15.487