Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
Low
Attack Vector
Adjacent_network
0

CVE-2019-14899

Disclosure Date: December 11, 2019
CVE-2019-14899 CVSS v3 Base Score: 7.4
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.4 High
Impact Score:
5.9
Exploitability Score:
1.5
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
VPN n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apple,
  • freebsd,
  • linux,
  • openbsd

Products

  • freebsd -,
  • ipados,
  • iphone os,
  • linux kernel -,
  • mac os x,
  • macos 11.0,
  • openbsd -,
  • tvos

References

Canonical
CVE-2019-14899 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14899)
Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899
https://support.apple.com/kb/HT211288
https://support.apple.com/kb/HT211290
https://support.apple.com/kb/HT211289
20200717 APPLE-SA-2020-07-15-3 tvOS 13.4.8 (http://seclists.org/fulldisclosure/2020/Jul/25)
20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra (http://seclists.org/fulldisclosure/2020/Jul/24)
20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 (http://seclists.org/fulldisclosure/2020/Jul/23)
[oss-security] 20200813 Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) (http://www.openwall.com/lists/oss-security/2020/08/13/2)
[oss-security] 20201007 Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. (http://www.openwall.com/lists/oss-security/2020/10/07/3)
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT211850
20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 (http://seclists.org/fulldisclosure/2020/Nov/20)
20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 (http://seclists.org/fulldisclosure/2020/Dec/32)
[oss-security] 20210704 Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) (http://www.openwall.com/lists/oss-security/2021/07/05/1)
Miscellaneous
https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software
https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis