{"vulnerability": "CVE-2019-14899", "sightings": [{"uuid": "4a29691d-3560-44f9-9973-42ca22d1e48b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-14899", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/tcpip-toteutuksista-loydetty-haavoittuvuus-mahdollistaa-saamaan-tietoa-vpn-yhteyksien-tilasta-ja", "content": "", "creation_timestamp": "2019-12-16T13:54:00.000000Z"}, {"uuid": "f8164537-6377-4c87-9cda-23d0ed5f8c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-14899", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "765f8064-8ead-4b12-9017-973abfdeda49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-14899", "type": "seen", "source": "https://t.me/thehackernews/553", "content": "Important \ud83d\udc49 A new unpatched #vulnerability (CVE-2019-14899) could let network attackers hijack encrypted VPN connections.\n\nMost Linux and Unix-like operating systems are vulnerable, including Ubuntu, Debian, OpenBSD, macOS, iOS, and Android.\n\nhttps://thehackernews.com/2019/12/linux-vpn-hacking.html", "creation_timestamp": "2019-12-09T08:19:50.000000Z"}, {"uuid": "c463d860-0655-4b31-aa69-505c0201a2f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-14899", "type": "seen", "source": "https://t.me/ctinow/18363", "content": "New Linux Bug Lets Attackers Hijack Encrypted VPN Connections A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections.\n\nThe vulnerability, tracked as CVE-2019-14899, resides in the networking stacks of various operating systems", "creation_timestamp": "2019-12-06T12:07:14.000000Z"}, {"uuid": "c118702b-cfd6-44d6-916c-e15ba6d11162", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-14899", "type": "seen", "source": "https://t.me/ctinow/18348", "content": "Attacks exploiting CVE-2019-14899 work against OpenVPN, WireGuard, and IKEv2/IPSec, and the researchers are still testing their feasibility against Tor. http://twitter.com/BleepinComputer/status/1202682800203345920", "creation_timestamp": "2019-12-05T21:38:24.000000Z"}, {"uuid": "a2d55fda-fd22-462f-b8df-b74150109a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-14899", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/464", "content": "#exploit\n1. Apache Solr RCE via Velocity template\nhttps://github.com/jas502n/solr_rce\n\n2. CVE-2019-14899:\nInferring and hijacking VPN-tunneled TCP connections\nhttps://seclists.org/oss-sec/2019/q4/122", "creation_timestamp": "2024-10-11T22:10:25.000000Z"}]}