9 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-14899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a...
K11155549: IPSEC vulnerability CVE-2019-14899
Security Advisory Description A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine...
SUSE CVE-2019-14899
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and...
SA44328 - 2019-12: Out-of-Cycle Advisory: Vulnerability could allow attackers to sniff or hijack VPN Connections (CVE-2019-14899)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about recently discovered vulnerability CVE-2019-14899. The flaw could be exploited by an attacker who shares the same network segment with the target...
CVE-2019-14899
CVE-2019-14899 is a routing-path/kernel issue affecting macOS (and cited across Linux, FreeBSD, OpenBSD, iOS, Android). The root cause is a VPN-tunnel routing problem that allows a local/adjacent attacker to inject into active VPN connections, enabling data injection and potential VPN hijacking. ...
Check Point Response to CVE-2019-14899 (Inferring and hijacking VPN-tunneled TCP connections)
...
Linux Bug Opens Most VPNs to Hijacking
A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers. According to researchers at University of New Mexico and Breakpointin...
New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...
Multiple Linux Distributions CVE-2019-14899 Security Bypass Vulnerability
Description Multiple Linux Distributions are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Apple iOS Apple macOS Archlinux Linux 2019.05...