Vulnerability-Lookup

CVE-2020-11024 (GCVE-0-2020-11024)

Vulnerability from cvelistv5 – Published: 2020-04-29 20:55 – Updated: 2024-08-04 11:21

Title

Man-in-the-middle attack in Moonlight iOS/tvOS

Summary

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

CWE

CWE-300 - Channel Accessible by Non-Endpoint

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	moonlight-stream	Moonlight	Affected: < 4.0.1

FKIE_CVE-2020-11024

Vulnerability from fkie_nvd - Published: 2020-04-29 21:15 - Updated: 2024-11-21 04:56

Severity ?

6.1 (Medium) - CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
8.2 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Summary

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.

References

URL	Tags
security-advisories@github.com	https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/moonlight-stream/moonlight-ios/pull/405	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/moonlight-stream/moonlight-ios/pull/405	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3	Third Party Advisory

Impacted products

	Vendor	Product	Version
	moonlight-stream	moonlight	*
	moonlight-stream	moonlight	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "BB1C5F97-1454-4938-9844-B994B4BF7E27",
              "versionEndExcluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:tvos:*:*",
              "matchCriteriaId": "62E7DF05-3914-4723-B9E0-960D79296FAC",
              "versionEndExcluding": "4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS."
    },
    {
      "lang": "es",
      "value": "En Moonlight iOS/tvOS versiones anteriores a la versi\u00f3n 4.0.1, el proceso de emparejamiento es vulnerable a un ataque de tipo man-in-the-middle. El bug se ha corregido en Moonlight versi\u00f3n v4.0.1 para iOS y tvOS."
    }
  ],
  "id": "CVE-2020-11024",
  "lastModified": "2024-11-21T04:56:36.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 5.3,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-29T21:15:11.807",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/moonlight-stream/moonlight-ios/pull/405"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/moonlight-stream/moonlight-ios/pull/405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-300"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202004-2184

Vulnerability from variot - Updated: 2024-11-23 21:35

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS. Moonlight iOS/tvOS Exists in a certificate validation vulnerability.Information may be obtained and tampered with. Moonlight is an open source implementation of the NVIDIA GameStream protocol based on iOS and tvOS platforms. It is mainly used to stream game video to supported devices.

There are security vulnerabilities in Moonlight versions prior to 4.0.1 (iOS/tvOS). An attacker can use this vulnerability to induce an attacker to connect to a server controlled by the attacker by implementing a man-in-the-middle attack

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2184",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "moonlight",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "moonlight stream",
        "version": "4.0.1"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "moonlight stream",
        "version": "4.0.1"
      },
      {
        "model": "moonlight",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "moonlight",
        "version": "4.0.1"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.1.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.2.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.2.1"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.2.2"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.3.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.3.1"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.3.2"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.4.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.4.1"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.9.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.9.1"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "0.9.2"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.0.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.0.1"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.0.2"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.0.3"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.0.4"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.1.2"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.1.3"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.1.4"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.2.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.3.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.4.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.5.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.6.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.7.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "1.8.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.0.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.1.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.2.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.3.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.4.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.5.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.6.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.7.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "2.8.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "3.0.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "3.2.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "3.3.0"
      },
      {
        "model": "moonlight",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "moonlight stream",
        "version": "4.0.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:moonlight-stream:moonlight",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      }
    ]
  },
  "cve": "CVE-2020-11024",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2020-11024",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005057",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2020-27237",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-11024",
            "impactScore": 5.8,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "security-advisories@github.com",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.3,
            "id": "CVE-2020-11024",
            "impactScore": 5.3,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005057",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-11024",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2020-11024",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-005057",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-27237",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-2422",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-11024",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS. Moonlight iOS/tvOS Exists in a certificate validation vulnerability.Information may be obtained and tampered with. Moonlight is an open source implementation of the NVIDIA GameStream protocol based on iOS and tvOS platforms. It is mainly used to stream game video to supported devices. \n\r\n\r\nThere are security vulnerabilities in Moonlight versions prior to 4.0.1 (iOS/tvOS). An attacker can use this vulnerability to induce an attacker to connect to a server controlled by the attacker by implementing a man-in-the-middle attack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11024"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-11024",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11024",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "id": "VAR-202004-2184",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      }
    ],
    "trust": 0.7875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:35:51.523000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Merge pull request #405 from loki-47-6F-64/master",
        "trust": 0.8,
        "url": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc"
      },
      {
        "title": "Don\u0027t send PIN to GFE #405",
        "trust": 0.8,
        "url": "https://github.com/moonlight-stream/moonlight-ios/pull/405"
      },
      {
        "title": "Moonlight iOS/tvOS pairing process is vulnerable to man-in-the-middle attack",
        "trust": 0.8,
        "url": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3"
      },
      {
        "title": "Patch for Moonlight Trust Management Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/216893"
      },
      {
        "title": "Moonlight Repair measures for trust management problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117932"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-300",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-295",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/moonlight-stream/moonlight-ios/pull/405"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/ghsa-g298-gp8q-h6j3"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11024"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11024"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/295.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181265"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-11024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-11024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11024"
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "date": "2020-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      },
      {
        "date": "2020-04-29T21:15:11.807000",
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-27237"
      },
      {
        "date": "2020-05-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-11024"
      },
      {
        "date": "2020-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      },
      {
        "date": "2021-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      },
      {
        "date": "2024-11-21T04:56:36.803000",
        "db": "NVD",
        "id": "CVE-2020-11024"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moonlight iOS/tvOS Certificate validation vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005057"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-2422"
      }
    ],
    "trust": 0.6
  }
}

GSD-2020-11024

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.

Aliases

CVE-2020-11024

Aliases

CVE-2020-11024

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11024",
    "description": "In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.",
    "id": "GSD-2020-11024"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11024"
      ],
      "details": "In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.",
      "id": "GSD-2020-11024",
      "modified": "2023-12-13T01:22:07.082470Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11024",
        "STATE": "PUBLIC",
        "TITLE": "Man-in-the-middle attack in Moonlight iOS/tvOS"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Moonlight",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 4.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "moonlight-stream"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-300: Channel Accessible by Non-Endpoint"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3",
            "refsource": "CONFIRM",
            "url": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3"
          },
          {
            "name": "https://github.com/moonlight-stream/moonlight-ios/pull/405",
            "refsource": "MISC",
            "url": "https://github.com/moonlight-stream/moonlight-ios/pull/405"
          },
          {
            "name": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc",
            "refsource": "MISC",
            "url": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-g298-gp8q-h6j3",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:iphone_os:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moonlight-stream:moonlight:*:*:*:*:*:tvos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11024"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/moonlight-stream/moonlight-ios/pull/405",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/moonlight-stream/moonlight-ios/pull/405"
            },
            {
              "name": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3"
            },
            {
              "name": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.8
        }
      },
      "lastModifiedDate": "2021-10-26T20:01Z",
      "publishedDate": "2020-04-29T21:15Z"
    }
  }
}

CNVD-2020-27237

Vulnerability from cnvd - Published: 2020-05-09

Title

Moonlight信任管理问题漏洞

Description

Moonlight是一款基于iOS和tvOS平台的NVIDIA GameStream协议的开源实现，它主要用于将游戏视频流流式传输到受支持的设备。 Moonlight 4.0.1之前版本（iOS/tvOS）中存在安全漏洞。攻击者可通过实施中间人攻击利用该漏洞诱使攻击者连接到攻击者控制的服务器上。

Severity

中

Patch Name

Moonlight信任管理问题漏洞的补丁

Patch Description

Moonlight是一款基于iOS和tvOS平台的NVIDIA GameStream协议的开源实现，它主要用于将游戏视频流流式传输到受支持的设备。 Moonlight 4.0.1之前版本（iOS/tvOS）中存在安全漏洞。攻击者可通过实施中间人攻击利用该漏洞诱使攻击者连接到攻击者控制的服务器上。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3

Impacted products

Name
Moonlight Moonlight <4.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11024"
    }
  },
  "description": "Moonlight\u662f\u4e00\u6b3e\u57fa\u4e8eiOS\u548ctvOS\u5e73\u53f0\u7684NVIDIA GameStream\u534f\u8bae\u7684\u5f00\u6e90\u5b9e\u73b0\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5c06\u6e38\u620f\u89c6\u9891\u6d41\u6d41\u5f0f\u4f20\u8f93\u5230\u53d7\u652f\u6301\u7684\u8bbe\u5907\u3002\n\nMoonlight 4.0.1\u4e4b\u524d\u7248\u672c\uff08iOS/tvOS\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u8bf1\u4f7f\u653b\u51fb\u8005\u8fde\u63a5\u5230\u653b\u51fb\u8005\u63a7\u5236\u7684\u670d\u52a1\u5668\u4e0a\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-27237",
  "openTime": "2020-05-09",
  "patchDescription": "Moonlight\u662f\u4e00\u6b3e\u57fa\u4e8eiOS\u548ctvOS\u5e73\u53f0\u7684NVIDIA GameStream\u534f\u8bae\u7684\u5f00\u6e90\u5b9e\u73b0\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5c06\u6e38\u620f\u89c6\u9891\u6d41\u6d41\u5f0f\u4f20\u8f93\u5230\u53d7\u652f\u6301\u7684\u8bbe\u5907\u3002\r\n\r\nMoonlight 4.0.1\u4e4b\u524d\u7248\u672c\uff08iOS/tvOS\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u8bf1\u4f7f\u653b\u51fb\u8005\u8fde\u63a5\u5230\u653b\u51fb\u8005\u63a7\u5236\u7684\u670d\u52a1\u5668\u4e0a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moonlight\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Moonlight Moonlight \u003c4.0.1"
  },
  "serverity": "\u4e2d",
  "submitTime": "2020-04-30",
  "title": "Moonlight\u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-11024 (GCVE-0-2020-11024)

FKIE_CVE-2020-11024

VAR-202004-2184

GSD-2020-11024

CNVD-2020-27237

Tags

Sightings

Nomenclature