CVE-2019-14899

Published: 11/12/2019 Updated: 01/03/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.4 | Exploitability Score: 4.4
CVSS v3 Base Score: 7.4 | Impact Score: 5.9 | Exploitability Score: 1.5
VMScore: 437
Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

A vulnerability exists in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for a malicious user to hijack active connections inside the VPN tunnel.

Vulnerability Trend

Vulnerable Product

freebsd freebsd -

linux linux kernel -

openbsd openbsd -

apple mac os x

apple tvos

apple iphone os

apple ipados

apple macos 11.0

Mailing Lists

APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6. iOS 13.6 and iPadOS 13.6 are now available and address the following: Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to a ...
APPLE-SA-2020-07-15-3 tvOS 13.4.8. tvOS 13.4.8 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved ...
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1. macOS Big Sur 11.0.1 addresses the following issues. Information about the security content is also available at support.apple.com/HT211931. AMD Available for: Mac Pro (2013 and later), MacBook Air ( ...
APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address the following: Audio Available for: macOS Catalina 10.15.5 ...
APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0. iOS 14.0 and iPadOS 14.0 addresses the following issues. Information about the security content is also available at support.apple.com/HT211850. AppleAVD Available for: iPhone 6s and later, iPod ...
oss-sec mailing list archives: Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)
oss-sec mailing list archives: Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections

Github Repositories

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

Enhances miscellaneous security settings. Kernel hardening: This section is inspired by the Kernel Self Protection Project (KSPP). It implements all recommended Linux kernel settings by the KSPP and many more. kernsec.org/wiki/index.php/Kernel_Self_Protection_Project. sysctl: sysctl settings are configured via the /etc/sysctl.d/30_security-misc.conf configuration file.

WARNING: CONFIG_IP_NF_MATCH_ECN is invalid It is unset Allowed values : y, m, ! Comment says: connman: for iptables ecn match
WARNING: CONFIG_BLK_CGROUP is invalid It is unset Allowed values : y, ! Comment says: systemd (optional): 0pointer.de/blog/projects/cgroups-vs-cgroups.html
WARNING: CONFIG_IP_NF_TARGET_MASQUERADE is invalid It is unset Allowed values : y, m, ! Com

Wrapper for OpenVPN on Linux solving various privacy issues

namespaced-openvpn: namespaced-openvpn is a wrapper script for OpenVPN on Linux that uses network namespaces to solve a variety of deanonymization, information disclosure, and usability issues. Relative to OpenVPN's default behavior, it can be used to provide additional hardening or additional isolation (e.g., running some processes inside a VPN and some outside it, or runn

Recent Articles

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads
The Register • Shaun Nichols in San Francisco • 06 Dec 2019

OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to tampering flaw, we're told

A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed. The University of New Mexico team of William Tolley, Beau Kujath, and Jedidiah Crandall this week said they've discovered CVE-2019-14899, a security weakness they report to be present in "most" Linux distros, along with Android, iOS, macOS, FreeBSD, and OpenBSD. The upshot is, if exploited, encrypted VPN traffic can be potentially hijacked and disru...