Search for vulnerabilities
Vulnerability details: VCID-1ucx-43ee-8bbt
Vulnerability ID VCID-1ucx-43ee-8bbt
Aliases CVE-2014-0224
Summary
Status Published
Exploitability 2.0
Weighted Severity 0.8
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-841 Improper Enforcement of Behavioral Workflow
System Score Found at
epss 0.92663 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
epss 0.92663 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
epss 0.929 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
epss 0.929 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
epss 0.92939 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
epss 0.92939 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
epss 0.92939 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
epss 0.92969 https://api.first.org/data/v1/epss?cve=CVE-2014-0224
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0224.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
1103586 https://bugzilla.redhat.com/show_bug.cgi?id=1103586
750665 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750665
RHSA-2014:0624 https://access.redhat.com/errata/RHSA-2014:0624
RHSA-2014:0625 https://access.redhat.com/errata/RHSA-2014:0625
RHSA-2014:0626 https://access.redhat.com/errata/RHSA-2014:0626
RHSA-2014:0627 https://access.redhat.com/errata/RHSA-2014:0627
RHSA-2014:0628 https://access.redhat.com/errata/RHSA-2014:0628
RHSA-2014:0629 https://access.redhat.com/errata/RHSA-2014:0629
RHSA-2014:0630 https://access.redhat.com/errata/RHSA-2014:0630
RHSA-2014:0631 https://access.redhat.com/errata/RHSA-2014:0631
RHSA-2014:0632 https://access.redhat.com/errata/RHSA-2014:0632
RHSA-2014:0633 https://access.redhat.com/errata/RHSA-2014:0633
RHSA-2014:0679 https://access.redhat.com/errata/RHSA-2014:0679
RHSA-2014:0680 https://access.redhat.com/errata/RHSA-2014:0680
USN-2232-1 https://usn.ubuntu.com/2232-1/
Data source Metasploit
Description This module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June, 2014.
Note 
{}
Ransomware campaign use Unknown
Source publication date June 5, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssl/openssl_ccs.rb
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.99745
EPSS Score 0.92663
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:34:22.379689+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2232-1/ 37.0.0