vulnerability

Ubuntu: (CVE-2019-14899): linux vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:A/AC:M/Au:S/C:P/I:P/A:P)	Dec 11, 2019	Jun 26, 2025	Jul 28, 2025

Severity

CVSS

(AV:A/AC:M/Au:S/C:P/I:P/A:P)

Published

Dec 11, 2019

Added

Jun 26, 2025

Modified

Jul 28, 2025

Description

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

Solution

no-fix-ubuntu-package

References

CVE-2019-14899
https://attackerkb.com/topics/CVE-2019-14899
URL-https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/
URL-https://www.cve.org/CVERecord?id=CVE-2019-14899
URL-https://www.openwall.com/lists/oss-security/2019/12/05/1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today