CVE-2013-10065

{"id": "CVE-2013-10065", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-05T20:15:35.087", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "tags": ["Exploit"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.sysax.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/sysax-multi-server-sshd-key-exchange-dos", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ssh/sysax_sshd_kexchange.rb", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.mattandreko.com/2013/04/08/sysax-multi-server-6.10-ssh-dos/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in\u00a0Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\\x28) in place of the expected SSH protocol delimiter."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Sysax Multi-Server versi\u00f3n 6.10 a trav\u00e9s de su daemon SSH. Un paquete de intercambio de claves SSH especialmente manipulado puede provocar un fallo en el servicio, lo que resulta en una p\u00e9rdida de disponibilidad. La falla se activa durante el procesamiento de datos de intercambio de claves malformados, incluyendo un byte no est\u00e1ndar (\\x28) en lugar del delimitador de protocolo SSH esperado."}], "lastModified": "2025-10-02T17:32:44.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sysax:multi_server:6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBD85CB2-1945-40DA-9421-79DA8A74B89A"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}