Unrated severityNVD Advisory· Published Dec 11, 2019· Updated Aug 5, 2024

CVE-2019-14899

Description

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Affected products

osv-coords59 versions
pkg:apk/chainguard/hyperv-daemons pkg:apk/chainguard/hyperv-daemons-6.18 pkg:apk/chainguard/hyperv-daemons-generic pkg:apk/chainguard/linux pkg:apk/chainguard/linux-aws-6.12 pkg:apk/chainguard/linux-aws-6.12-boot-installed pkg:apk/chainguard/linux-aws-6.12-fips-boot-installed pkg:apk/chainguard/linux-aws-6.12-headers pkg:apk/chainguard/linux-aws-6.12-modules pkg:apk/chainguard/linux-aws-6.18 pkg:apk/chainguard/linux-aws-6.18-boot-installed pkg:apk/chainguard/linux-aws-6.18-fips-boot-installed pkg:apk/chainguard/linux-aws-6.18-headers pkg:apk/chainguard/linux-aws-6.18-modules pkg:apk/chainguard/linux-aws-generic pkg:apk/chainguard/linux-aws-generic-boot-configuration pkg:apk/chainguard/linux-aws-generic-boot-installed pkg:apk/chainguard/linux-aws-generic-fips-boot-installed pkg:apk/chainguard/linux-aws-generic-headers pkg:apk/chainguard/linux-aws-generic-modules pkg:apk/chainguard/linux-azure-6.12 pkg:apk/chainguard/linux-azure-6.18 pkg:apk/chainguard/linux-azure-6.18-boot-installed pkg:apk/chainguard/linux-azure-6.18-fips-boot-installed pkg:apk/chainguard/linux-azure-6.18-headers pkg:apk/chainguard/linux-azure-6.18-modules pkg:apk/chainguard/linux-azure-generic pkg:apk/chainguard/linux-azure-generic-boot-configuration pkg:apk/chainguard/linux-azure-generic-boot-installed pkg:apk/chainguard/linux-azure-generic-fips-boot-installed pkg:apk/chainguard/linux-azure-generic-headers pkg:apk/chainguard/linux-azure-generic-modules pkg:apk/chainguard/linux-boot-configuration pkg:apk/chainguard/linux-boot-installed pkg:apk/chainguard/linux-gcp-6.12 pkg:apk/chainguard/linux-gcp-6.18 pkg:apk/chainguard/linux-gcp-6.18-boot-installed pkg:apk/chainguard/linux-gcp-6.18-fips-boot-installed pkg:apk/chainguard/linux-gcp-6.18-headers pkg:apk/chainguard/linux-gcp-6.18-modules pkg:apk/chainguard/linux-gcp-generic pkg:apk/chainguard/linux-gcp-generic-boot-installed pkg:apk/chainguard/linux-gcp-generic-fips-boot-installed pkg:apk/chainguard/linux-gcp-generic-headers pkg:apk/chainguard/linux-gcp-generic-modules pkg:apk/chainguard/linux-modules pkg:apk/chainguard/linux-qemu-6.12 pkg:apk/chainguard/linux-qemu-6.18 pkg:apk/chainguard/linux-qemu-generic pkg:apk/chainguard/linux-qemu-generic-bootc-boot-installed pkg:apk/chainguard/linux-qemu-melange pkg:apk/chainguard/linux-qemu-rc pkg:apk/chainguard/linux-qemu-rc-boot-installed pkg:apk/chainguard/linux-qemu-rc-fips-boot-installed pkg:apk/chainguard/linux-qemu-rc-headers pkg:apk/chainguard/linux-qemu-rc-modules pkg:apk/chainguard/linux-vmware-6.12 pkg:apk/chainguard/linux-vmware-6.18 pkg:apk/chainguard/linux-vmware-generic
< 0+ 58 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.18.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Red Hat/VPNv5
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2020/Dec/32mitremailing-listx_refsource_FULLDISC
seclists.org/fulldisclosure/2020/Jul/23mitremailing-listx_refsource_FULLDISC
seclists.org/fulldisclosure/2020/Jul/24mitremailing-listx_refsource_FULLDISC
seclists.org/fulldisclosure/2020/Jul/25mitremailing-listx_refsource_FULLDISC
seclists.org/fulldisclosure/2020/Nov/20mitremailing-listx_refsource_FULLDISC
www.openwall.com/lists/oss-security/2020/08/13/2mitremailing-listx_refsource_MLIST
www.openwall.com/lists/oss-security/2020/10/07/3mitremailing-listx_refsource_MLIST
www.openwall.com/lists/oss-security/2021/07/05/1mitremailing-listx_refsource_MLIST
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/mitrex_refsource_MISC
support.apple.com/kb/HT211288mitrex_refsource_CONFIRM
support.apple.com/kb/HT211289mitrex_refsource_CONFIRM
support.apple.com/kb/HT211290mitrex_refsource_CONFIRM
support.apple.com/kb/HT211850mitrex_refsource_CONFIRM
support.apple.com/kb/HT211931mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000