CVE-2020-11024

low-risk
Published 2020-04-29

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.

Do I need to act?

-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
PHYSICAL / HIGH complexity

Affected Products (2)

Moonlight
Moonlight

Affected Vendors

Moonlight-Stream

References (6)

Patch https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe1...
Patch https://github.com/moonlight-stream/moonlight-ios/pull/405
Third Party Advisory https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-...
Patch https://github.com/moonlight-stream/moonlight-ios/commit/b0149b2fe9125a77ee11fe1...
Patch https://github.com/moonlight-stream/moonlight-ios/pull/405
Third Party Advisory https://github.com/moonlight-stream/moonlight-ios/security/advisories/GHSA-g298-...
24
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low