Description

Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.

PUBLISHED Reserved 2026-01-10 | Published 2026-01-13 | Updated 2026-01-26 | Assigner VulnCheck




MEDIUM: 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Problem types

Improper Validation of Specified Quantity in Input

Product status

6.95
affected

Credits

Luis Martinez finder

References

www.exploit-db.com/exploits/51066 exploit

www.vulncheck.com/...i-server-password-denial-of-service-poc exploit

www.exploit-db.com/exploits/51066 (ExploitDB-51066) exploit

www.sysax.com/ (Vendor Homepage) product

www.vulncheck.com/...i-server-password-denial-of-service-poc (VulnCheck Advisory: Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)) third-party-advisory

cve.org (CVE-2023-54337)

nvd.nist.gov (CVE-2023-54337)
