A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
01 Mar 2023, 16:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:* | |
First Time |
Apple macos
|
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/05/1 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT211850 - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2020/10/07/3 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2020/Nov/20 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT211931 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2020/Dec/32 - Mailing List, Third Party Advisory |
09 Jan 2023, 16:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | |
First Time |
Apple ipados
|
|
References |
|
05 Jul 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2019-12-11 15:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-14899
Mitre link : CVE-2019-14899
CVE.ORG link : CVE-2019-14899
JSON object : View
Products Affected
apple
- iphone_os
- tvos
- ipados
- mac_os_x
- macos
freebsd
- freebsd
linux
- linux_kernel
openbsd
- openbsd
CWE