CVE Vulnerability

CVE-2020-11024

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.

4.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

8.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/moonlight-stream/moonlight-ios/pull/405 Patch Third Party Advisory
https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3 Third Party Advisory
https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:tvos:*:*
cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:iphone_os:*:*
Information

Published : 2020-04-29 09:15

Updated : 2021-10-26 08:01

NVD link : CVE-2020-11024

Mitre link : CVE-2020-11024

Products Affected
No products.
CWE
CWE-200