Vulnerability in Red Hat Vpn
CVE-2019-14899
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they…
EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.4 (High). Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Red Hat Vpn — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
- openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/ (x_refsource_MISC)
- support.apple.com/kb/HT211288 (x_refsource_CONFIRM)
- support.apple.com/kb/HT211290 (x_refsource_CONFIRM)
- support.apple.com/kb/HT211289 (x_refsource_CONFIRM)
- 20200717 APPLE-SA-2020-07-15-3 tvOS 13.4.8 (mailing-list, x_refsource_FULLDISC)
- 20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra (mailing-list, x_refsource_FULLDISC)
- 20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 (mailing-list, x_refsource_FULLDISC)
- [oss-security] 20200813 Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up) (mailing-list, x_refsource_MLIST)
- support.apple.com/kb/HT211850 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2019-14899?
- CVE-2019-14899 is a high-severity vulnerability in Red Hat Vpn, classified under Channel Accessible by Non-Endpoint. CVSS score: 7.4/10. Published 2019-12-11.
- How severe is CVE-2019-14899?
- High severity. CVSS v3 base score is 7.4 out of 10.
- Is CVE-2019-14899 known to be exploited?
- 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.