CVE-2019-14899

Summary

CVE	CVE-2019-14899
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-12-11 15:15:00 UTC
Updated	2023-03-01 16:40:00 UTC
Description	A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Risk And Classification

Problem Types: CWE-300

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Ipados	All	All	All	All
Operating System	Apple	Ipad Os	All	All	All	All
Operating System	Apple	Ipad Os	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Macos	11.0	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Freebsd	Freebsd	-	All	All	All
Operating System	Freebsd	Freebsd	-	All	All	All
Operating System	Linux	Linux Kernel	-	All	All	All
Operating System	Linux	Linux Kernel	-	All	All	All
Operating System	Openbsd	Openbsd	-	All	All	All
Operating System	Openbsd	Openbsd	-	All	All	All

References

Reference	Source	Link	Tags
oss-security - Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)	MLIST	www.openwall.com
oss-security - Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.	MLIST	www.openwall.com
tvOS 13.4.8'in güvenlik içeriği hakkında - Apple Destek	CONFIRM	support.apple.com	Third Party Advisory
Full Disclosure: APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6	FULLDISC	seclists.org	Mailing List, Third Party Advisory
Full Disclosure: APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1	FULLDISC	seclists.org
About the security content of macOS Big Sur 11.0.1 - Apple Support	CONFIRM	support.apple.com
1774905 – (CVE-2019-14899) CVE-2019-14899 VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
Full Disclosure: APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra	FULLDISC	seclists.org	Mailing List, Third Party Advisory
oss-security - Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)	MLIST	www.openwall.com	Mailing List, Third Party Advisory
Full Disclosure: APPLE-SA-2020-07-15-3 tvOS 13.4.8	FULLDISC	seclists.org	Mailing List, Third Party Advisory
About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
About the security content of iOS 14.0 and iPadOS 14.0 - Apple Support	CONFIRM	support.apple.com
Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0	FULLDISC	seclists.org
No flaws found in OpenVPN software \| OpenVPN	MISC	openvpn.net	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.