Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

SeverityHIGH
CVSS7.5
CWECWE-125
KEV KEV (added )
Published
Modified

Related Products

Product Advisory Evidence
Cisco Telepresence MXP Series Endpoints cisco-sa-20140430-mxp Cisco OpenVuln
Cisco TelePresence cisco-sa-20140430-mxp Cisco OpenVuln
Cisco TelePresence TC Software cisco-sa-20140430-tcte Cisco OpenVuln
Cisco TelePresence cisco-sa-20140430-tcte Cisco OpenVuln
Cisco Unified IP Phones 9900 Series Firmware Cisco-SA-20140408-CVE-2014-0160 Cisco OpenVuln
Cisco Unified IP Phone 8945 Cisco-SA-20140408-CVE-2014-0160 Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) Cisco-SA-20140408-CVE-2014-0160 Cisco OpenVuln
Cisco TelePresence Cisco-SA-20140408-CVE-2014-0160 Cisco OpenVuln
Cisco Desktop Collaboration Experience DX650 Software Cisco-SA-20140408-CVE-2014-0160 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client Cisco-SA-20140408-CVE-2014-0160 Cisco OpenVuln
Cisco Unified IP Phones 9900 Series Firmware cisco-sa-20140409-heartbleed Cisco OpenVuln
Cisco Unified IP Phone 8945 cisco-sa-20140409-heartbleed Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS) cisco-sa-20140409-heartbleed Cisco OpenVuln
Cisco TelePresence cisco-sa-20140409-heartbleed Cisco OpenVuln
Cisco Desktop Collaboration Experience DX650 Software cisco-sa-20140409-heartbleed Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client cisco-sa-20140409-heartbleed Cisco OpenVuln