ID

VAR-202004-2184


CVE

CVE-2020-11024


TITLE

Certificate validation vulnerability in Moonlight iOS/tvOS

Trust: 0.8

sources: JVNDB: JVNDB-2020-005057

DESCRIPTION

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS. Moonlight iOS/tvOS contains a certificate validation vulnerability. Information may be obtained and tampered with. Moonlight is an open source implementation of the NVIDIA GameStream protocol for the iOS and tvOS platforms. It is mainly used to stream game video to supported devices. There are security vulnerabilities in Moonlight versions prior to 4.0.1 (iOS/tvOS). By carrying out a man-in-the-middle attack, an attacker can use this vulnerability to cause a victim to connect to a server controlled by the attacker.

Trust: 2.25

sources: NVD: CVE-2020-11024 // JVNDB: JVNDB-2020-005057 // CNVD: CNVD-2020-27237 // VULMON: CVE-2020-11024

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27237

AFFECTED PRODUCTS

vendor: moonlight stream, model: moonlight, scope: lt, version: 4.0.1

Trust: 1.0

vendor: moonlight stream, model: moonlight, scope: eq, version: 4.0.1

Trust: 0.8

vendor: moonlight, model: moonlight, scope: lt, version: 4.0.1

Trust: 0.6

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.1.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.2.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.2.1

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.2.2

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.3.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.3.1

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.3.2

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.4.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.4.1

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.9.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.9.1

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 0.9.2

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.0.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.0.1

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.0.2

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.0.3

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.0.4

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.1.2

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.1.3

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.1.4

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.2.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.3.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.4.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.5.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.6.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.7.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 1.8.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.0.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.1.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.2.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.3.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.4.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.5.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.6.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.7.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 2.8.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 3.0.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 3.2.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 3.3.0

Trust: 0.1

vendor: moonlight stream, model: moonlight, scope: eq, version: 4.0.0

Trust: 0.1

sources: CNVD: CNVD-2020-27237 // VULMON: CVE-2020-11024 // JVNDB: JVNDB-2020-005057 // NVD: CVE-2020-11024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11024
value: HIGH

Trust: 1.0

security-advisories@github.com: CVE-2020-11024
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005057
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27237
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2422
value: HIGH

Trust: 0.6

VULMON: CVE-2020-11024
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-11024
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005057
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27237
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11024
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.8
version: 3.1

Trust: 1.0

security-advisories@github.com: CVE-2020-11024
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.3
impactScore: 5.3
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005057
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27237 // VULMON: CVE-2020-11024 // JVNDB: JVNDB-2020-005057 // CNNVD: CNNVD-202004-2422 // NVD: CVE-2020-11024 // NVD: CVE-2020-11024

PROBLEMTYPE DATA

problemtype: CWE-300

Trust: 1.0

problemtype: CWE-200

Trust: 1.0

problemtype: CWE-295

Trust: 0.8

sources: JVNDB: JVNDB-2020-005057 // NVD: CVE-2020-11024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2422

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-2422

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005057

PATCH

title: Merge pull request #405 from loki-47-6F-64/master
url: https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc

Trust: 0.8

title: Don't send PIN to GFE #405
url: https://github.com/moonlight-stream/moonlight-ios/pull/405

Trust: 0.8

title: Moonlight iOS/tvOS pairing process is vulnerable to man-in-the-middle attack
url: https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-gp8q-h6j3

Trust: 0.8

title: Patch for Moonlight Trust Management Issue Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/216893

Trust: 0.6

title: Moonlight Repair measures for trust management problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117932

Trust: 0.6

sources: CNVD: CNVD-2020-27237 // JVNDB: JVNDB-2020-005057 // CNNVD: CNNVD-202004-2422

EXTERNAL IDS

db: NVD, id: CVE-2020-11024

Trust: 3.1

db: JVNDB, id: JVNDB-2020-005057

Trust: 0.8

db: CNVD, id: CNVD-2020-27237

Trust: 0.6

db: CNNVD, id: CNNVD-202004-2422

Trust: 0.6

db: VULMON, id: CVE-2020-11024

Trust: 0.1

sources: CNVD: CNVD-2020-27237 // VULMON: CVE-2020-11024 // JVNDB: JVNDB-2020-005057 // CNNVD: CNNVD-202004-2422 // NVD: CVE-2020-11024

REFERENCES

url:https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe133382673694b6e8cc

Trust: 1.7

url:https://github.com/moonlight-stream/moonlight-ios/pull/405

Trust: 1.7

url:https://github.com/moonlight-stream/moonlight-ios/security/advisories/ghsa-g298-gp8q-h6j3

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-11024

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11024

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/295.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181265

Trust: 0.1

sources: VULMON: CVE-2020-11024 // JVNDB: JVNDB-2020-005057 // CNNVD: CNNVD-202004-2422 // NVD: CVE-2020-11024

SOURCES

db: CNVD, id: CNVD-2020-27237
db: VULMON, id: CVE-2020-11024
db: JVNDB, id: JVNDB-2020-005057
db: CNNVD, id: CNNVD-202004-2422
db: NVD, id: CVE-2020-11024

LAST UPDATE DATE

2024-11-23T21:35:51.523000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-27237, date: 2020-05-10T00:00:00
db: VULMON, id: CVE-2020-11024, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2020-005057, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2422, date: 2021-10-27T00:00:00
db: NVD, id: CVE-2020-11024, date: 2024-11-21T04:56:36.803

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-27237, date: 2020-05-09T00:00:00
db: VULMON, id: CVE-2020-11024, date: 2020-04-29T00:00:00
db: JVNDB, id: JVNDB-2020-005057, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2422, date: 2020-04-29T00:00:00
db: NVD, id: CVE-2020-11024, date: 2020-04-29T21:15:11.807