New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
2019-12-06 03:02

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The vulnerability, tracked as CVE-2019-14899, resides in the networking stacks of various operating systems


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/yNn_RjYXLEQ/linux-vpn-hacking.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-14899 | Man-in-the-Middle vulnerability in multiple products | 7.4 |

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream.

low complexity
freebsd linux openbsd apple CWE-300

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Linux | | 18 | 378 | 1429 | 1129 | 696 | 3632 |