{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2013-10065", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-08-05T13:37:32.199Z", "datePublished": "2025-08-05T20:05:06.769Z", "dateUpdated": "2025-08-07T15:15:02.627Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Multi-Server", "vendor": "Sysax Software", "versions": [{"status": "affected", "version": "6.10"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Matt \"hostess\" Andreko"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service vulnerability exists in&nbsp;</span>Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (<code>\\x28</code>) in place of the expected SSH protocol delimiter.</p>"}], "value": "A denial-of-service vulnerability exists in\u00a0Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\\x28) in place of the expected SSH protocol delimiter."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248 Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-05T20:05:06.769Z"}, "references": [{"tags": ["technical-description", "exploit"], "url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/"}, {"tags": ["exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb"}, {"tags": ["product"], "url": "https://www.sysax.com/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos"}], "source": {"discovery": "UNKNOWN"}, "title": "Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "tags": ["exploit"]}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-07T15:14:58.420516Z", "id": "CVE-2013-10065", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-07T15:15:02.627Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2013-10065", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-07T15:14:58.420516Z"}}}], "references": [{"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "tags": ["exploit"]}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-07T15:14:52.137Z"}}], "cna": {"title": "Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Matt \"hostess\" Andreko"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sysax Software", "product": "Multi-Server", "versions": [{"status": "affected", "version": "6.10"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "tags": ["technical-description", "exploit"]}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "tags": ["exploit"]}, {"url": "https://www.sysax.com/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in\u00a0Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\\x28) in place of the expected SSH protocol delimiter.", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service vulnerability exists in&nbsp;</span>Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (<code>\\x28</code>) in place of the expected SSH protocol delimiter.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-05T20:05:06.769Z"}}}, "cveMetadata": {"cveId": "CVE-2013-10065", "state": "PUBLISHED", "dateUpdated": "2025-08-07T15:15:02.627Z", "dateReserved": "2025-08-05T13:37:32.199Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-08-05T20:05:06.769Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysax:multi_server:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "CBD85CB2-1945-40DA-9421-79DA8A74B89A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in\u00a0Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\\x28) in place of the expected SSH protocol delimiter."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Sysax Multi-Server versi\u00f3n 6.10 a trav\u00e9s de su daemon SSH. Un paquete de intercambio de claves SSH especialmente manipulado puede provocar un fallo en el servicio, lo que resulta en una p\u00e9rdida de disponibilidad. La falla se activa durante el procesamiento de datos de intercambio de claves malformados, incluyendo un byte no est\u00e1ndar (\\x28) en lugar del delimitador de protocolo SSH esperado."}], "id": "CVE-2013-10065", "lastModified": "2025-10-02T17:32:44.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-08-05T20:15:35.087", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.sysax.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-08-06T15:12:51.514716+00:00", "updated": "2025-08-06T15:12:51.514764+00:00", "vendors": ["sysax", "sysax$PRODUCT$multi_server"]}