CVE-2013-10065

A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb	Exploit
https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/	Exploit Third Party Advisory
https://www.sysax.com/	Product
https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos	Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb	Exploit
https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sysax:multi_server:6.10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-05 20:15

Updated : 2025-10-02 17:32

NVD link : CVE-2013-10065

Mitre link : CVE-2013-10065

CVE.ORG link : CVE-2013-10065

JSON object : View

Products Affected

sysax

multi_server

CWE

CWE-248

Uncaught Exception

{"id": "CVE-2013-10065", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T20:15:35.087", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.sysax.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in\u00a0Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\\x28) in place of the expected SSH protocol delimiter."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Sysax Multi-Server versi\u00f3n 6.10 a trav\u00e9s de su daemon SSH. Un paquete de intercambio de claves SSH especialmente manipulado puede provocar un fallo en el servicio, lo que resulta en una p\u00e9rdida de disponibilidad. La falla se activa durante el procesamiento de datos de intercambio de claves malformados, incluyendo un byte no est\u00e1ndar (\\x28) en lugar del delimitador de protocolo SSH esperado."}], "lastModified": "2025-10-02T17:32:44.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sysax:multi_server:6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBD85CB2-1945-40DA-9421-79DA8A74B89A"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}