CVE-2014-0160

high

Splunk ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

94.5%

Exploitation probability in 30 days

Top 0% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

None

Availability

None

Published: April 7, 2014 (4419 days ago)

Last Modified: April 21, 2026

Vendor: Splunk

Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2022-05-04

Remediation Due: 2022-05-25 (⚠ 1450d overdue)

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CWE

CWE-125

Affected Products

openssl opensslfilezilla-project filezilla serversiemens application processing engine firmwaresiemens cp 1543-1 firmwaresiemens simatic s7-1500 firmwaresiemens simatic s7-1500t firmwaresiemens elan-8.2siemens wincc open architectureintellian v100 firmwareintellian v60 firmware

References

🔗 advisories.mageia.org 🔗 blog.fox-it.com 🔗 cogentdatahub.com 🔗 download.schneider-electric.com 🔗 git.openssl.org

CVE-2014-0160

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References