exploitDog

CVE-2019-14899

Published: 11 Dec 2019
Source: nvd
CVSS3: 7.4
CVSS2: 4.9
EPSS: Low

Description

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:-:*:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Versions before 13.6 (exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Versions before 13.6 (exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Versions before 10.15.6 (exclusive)
cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Versions before 13.4.8 (exclusive)

EPSS

Percentile: 17%
0.00055
Low

7.4 High

CVSS3

4.9 Medium

CVSS2

Weaknesses

CWE-300
NVD-CWE-Other

Related vulnerabilities

CVSS3: 7.4
ubuntu
about 6 years ago

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

CVSS3: 7.4
redhat
about 6 years ago

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

CVSS3: 7.4
debian
about 6 years ago

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, ...

CVSS3: 7.4
github
more than 3 years ago

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

CVSS3: 7.4
fstec
about 6 years ago

A vulnerability in the Linux operating system related to an error in detecting a connection to a VPN network, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service