A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.
                
            References
                    Configurations
                    History
                    02 Oct 2025, 17:32
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb - Exploit | |
| References | () https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/ - Exploit, Third Party Advisory | |
| References | () https://www.sysax.com/ - Product | |
| References | () https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos - Third Party Advisory | |
| CPE | cpe:2.3:a:sysax:multi_server:6.10:*:*:*:*:*:*:* | |
| Summary | (es) Existe una vulnerabilidad de denegación de servicio en Sysax Multi-Server versión 6.10 a través de su daemon SSH. Un paquete de intercambio de claves SSH especialmente manipulado puede provocar un fallo en el servicio, lo que resulta en una pérdida de disponibilidad. La falla se activa durante el procesamiento de datos de intercambio de claves malformados, incluyendo un byte no estándar (\x28) en lugar del delimitador de protocolo SSH esperado. | |
| CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 | 
| First Time | Sysax Sysax multi Server | 
07 Aug 2025, 16:15
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb - | |
| References | () https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/ - | |
| Summary | 
 | 
05 Aug 2025, 20:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-08-05 20:15
Updated : 2025-10-02 17:32
NVD link : CVE-2013-10065
Mitre link : CVE-2013-10065
CVE.ORG link : CVE-2013-10065
JSON object : View
Products Affected
                sysax
- multi_server
CWE
                
                    
                        
                        CWE-248
                        
            Uncaught Exception
