{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54337","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-10T01:51:52.983Z","datePublished":"2026-01-13T22:52:08.992Z","dateUpdated":"2026-03-05T01:29:45.147Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-05T01:29:45.147Z"},"datePublic":"2022-10-05T00:00:00.000Z","title":"Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)","descriptions":[{"lang":"en","value":"Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Validation of Specified Quantity in Input","cweId":"CWE-1284","type":"CWE"}]}],"affected":[{"vendor":"Sysax","product":"Sysax Multi Server","versions":[{"version":"6.95","status":"affected"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sysax:multi_server:6.95:*:*:*:*:*:*:*"}]}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/51066","name":"ExploitDB-51066","tags":["exploit"]},{"url":"https://www.sysax.com/","name":"Vendor Homepage","tags":["product"]},{"name":"VulnCheck Advisory: Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"}],"credits":[{"lang":"en","value":"Luis Martinez","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.exploit-db.com/exploits/51066","tags":["exploit"]},{"url":"https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-14T15:46:16.057643Z","id":"CVE-2023-54337","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T19:17:58.628Z"}}]}}