What is the severity of CVE-2014-3566?

CVE-2014-3566 has a CVSS v3 score of 3.4, which is classified as Low severity.

Is there an exploit available for CVE-2014-3566?

Yes, there are known exploits available for CVE-2014-3566. Immediate patching is recommended.

Is there a patch available for CVE-2014-3566?

Yes, patches are available for CVE-2014-3566. Check the vendor advisories for update instructions.

CVE-2014-3566

Published: January 27, 2026

Last updated:17 hours ago (January 27, 2026)

Exploit: YesZero-day: YesPatch: YesTrend: Neutral

TL;DR

Updated January 27, 2026

CVE-2014-3566 is a low severity vulnerability with a CVSS score of 3.4. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.

Key Points

1Low severity (CVSS 3.4/10)
2EPSS: 94.00% - very high likelihood of exploitation
3Public exploits are available
4Vendor patches are available
5Strobes Priority Score: 391/1000 (Low)
6Affects products from 11 vendors

Severity Scores

CVSS v33.4

CVSS v24.3

Priority Score391.0

EPSS Score94.0

Low

Exploitation LikelihoodCritical

94.00%EPSS

Very high probability of exploitation in the next 30 days

Immediate patching required

94.00%

EPSS

3.4

CVSS

Yes

Exploit

Yes

Patch

High Priority

high EPSS • exploit exists

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:High

Privileges Required:Network

User Interaction:Required

Scope:Changed

Confidentiality:Local

Integrity:Network

Availability:Network

Exploit References

Googleonlinesecurity.blogspot.com Metasploit GitHub GitHub GitHub GitHub GitHub

Patch References

Lists.apache.org Lists.apache.org Lists.apache.org Lists.apache.org Lists.apache.org Lists.apache.org Askubuntu.com [email protected][email protected][email protected]

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
IBM	Vios
Netbsd	Netbsd
OpenSSL	OpenSSL
Novell	Suse Linux Enterprise Desktop
Fedoraproject	Fedora
Redhat	Enterprise Linux Workstation Supplementary
IBM	Aix
Redhat	Enterprise Linux Desktop
Redhat	Enterprise Linux Server Supplementary
Opensuse	Opensuse

And 10 more...

Advisories

GitHub Advisory NVD

Paloaltonetworks: A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-3566). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. More information can be found at: https://www.openssl.org/~bodo/ssl-poodle.pdf. SSL 3.0 is a supported protocol in PAN-OS services including device management and SSL VPN. The conditions of successful exploitation are somewhat similar to the BEAST attack, which requires several conditions to be met for successful exploitation (i.e. the attacker requires a man-in-the-middle position in the network and must also be able to direct the victim client to send many repeated requests to the vulnerable server on behalf of the attacker via scripting, web sockets, or similar mechanism). Due to the conditions required of a successful attack scenario, the risk of exploitation is not particularly high. More information can be found in Microsoft Security Advisory 3009008 (https://technet.microsoft.com/library/security/3009008). This issue affects PAN-OS 6.1.1 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 5.1.x and PAN-OS 5.0.x.

Cite This Page

APA Format

Strobes VI. (2026). CVE-2014-3566 - CVE Details and Analysis. Strobes VI. Retrieved January 28, 2026, from https://vi.strobes.co/cve/CVE-2014-3566

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Vendor

Product

IBM

Vios

Netbsd

OpenSSL

Novell

Suse Linux Enterprise Desktop

Fedoraproject

Fedora

Redhat

Enterprise Linux Workstation Supplementary

IBM

Aix

Redhat

Enterprise Linux Desktop

Redhat

Enterprise Linux Server Supplementary

Opensuse