Vulnerability CVE-2019-14899


Published: 2019-12-11

Description:
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Type:

NVD-CWE-Other

CVSS2 => (AV:A/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.4/10
4.4/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Openbsd -> Openbsd 
Linux -> Linux kernel 
Freebsd -> Freebsd 
Apple -> Iphone os 
Apple -> Mac os 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899
https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/

Copyright 2024, cxsecurity.com

 

Back to Top