CVE-2023-54337

9.1 CRITICAL

📋 TL;DR

Sysax Multi Server 6.95 contains a denial of service vulnerability where attackers can crash the application by sending 800 bytes of repeated characters to the administrative password field. This affects all users running the vulnerable version of Sysax Multi Server, potentially disrupting server functionality.

💻 Affected Systems

Products:
  • Sysax Multi Server
Versions: Version 6.95 specifically
Operating Systems: Windows (primary platform for Sysax Multi Server)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration. Any installation of version 6.95 is vulnerable regardless of configuration settings.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption making the Sysax Multi Server unavailable, potentially affecting all services running through it including FTP, SSH, and web services.

🟠 Likely Case: Application crash requiring manual restart, causing temporary service interruption until the server is restored.

🟢 If Mitigated: Minimal impact if proper network segmentation and access controls prevent unauthorized access to administrative interfaces.

🌐 Internet-Facing: HIGH - If the administrative interface is exposed to the internet, attackers can easily trigger the DoS from anywhere.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this to disrupt services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires no authentication. Attackers only need network access to the administrative interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - Check vendor for updates

Vendor Advisory: https://www.sysax.com/

Restart Required: Yes

Instructions:

1. Check the Sysax website for security updates.
2. Download and install any available patches.
3. Restart the Sysax Multi Server service.
4. Verify the fix by testing with the exploit payload.

🔧 Temporary Workarounds

Restrict Administrative Interface Access

Platform: Windows

Block external access to the Sysax Multi Server administrative interface using firewall rules.

Windows Firewall: New-NetFirewallRule -DisplayName "Block Sysax Admin" -Direction Inbound -LocalPort [admin-port] -Protocol TCP -Action Block

Network Segmentation

Platform: All

Place Sysax Multi Server behind a firewall/VPN and restrict access to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the administrative interface
  • Monitor for repeated connection attempts or crashes and implement automated restart scripts

🔍 How to Verify

Check if Vulnerable:

Test by sending 800 bytes of repeated characters (e.g., 'A' * 800) to the administrative password field via the web interface or API. If the server crashes, it's vulnerable.

Check Version:

Check the Sysax Multi Server interface or installation directory for version information. Typically visible in the web interface or via Help > About.

Verify Fix Applied:

After applying any vendor patch, repeat the test with the same payload. The server should handle the input gracefully without crashing.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Unexpected service termination events
  • Repeated failed login attempts with long password strings

Network Indicators:

  • Unusually large authentication requests to administrative endpoints
  • Multiple connection attempts followed by service unavailability

SIEM Query:

source="sysax.log" AND ((event="crash" OR event="terminated") OR (http_request_length > 800 AND uri CONTAINS "/admin/"))
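The same logic as the SIEM query, run over log lines, as an added example that is not part of this advisory and not Sysax's own tooling. It assumes a constructed key=value log format (timestamp, event, src, uri, req_len, optional user); the real Sysax log layout is not shown on this page, so the parser's regex would need adapting. It flags crash/termination events and requests larger than the 800-byte payload size to /admin/ paths, then correlates the two so a crash preceded by an oversized admin request within a short window is reported as likely exploitation rather than an unrelated crash.

```python
"""Detection logic for the CVE-2023-54337 indicators in this advisory (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

PAYLOAD_THRESHOLD = 800        # bytes; the crash payload size stated in the advisory
ADMIN_URI_PREFIX = "/admin/"   # assumed admin path prefix, as used in the advisory's SIEM query
CRASH_EVENTS = {"crash", "terminated"}

# Constructed sample log in an assumed format:
#   <timestamp> <event> src=<ip> uri=<path> req_len=<bytes> [user=<name>]
# Sysax's real log format is not on the page; adapt LINE_RE to match it.
SAMPLE_LOG = """\
2024-01-15T10:01:02Z http_request src=10.0.0.5 uri=/admin/login req_len=212 user=admin
2024-01-15T10:01:09Z auth_failed src=10.0.0.5 uri=/admin/login req_len=214 user=admin
2024-01-15T10:02:41Z http_request src=203.0.113.7 uri=/admin/login req_len=1093 user=admin
2024-01-15T10:02:41Z crash src=- uri=- req_len=0
2024-01-15T10:03:10Z service_started src=- uri=- req_len=0
2024-01-15T10:05:00Z http_request src=10.0.0.9 uri=/files/list req_len=950 user=bob
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\S+) src=(?P<src>\S+) uri=(?P<uri>\S+) "
    r"req_len=(?P<req_len>\d+)(?: user=(?P<user>\S+))?$"
)


@dataclass
class Alert:
    ts: datetime
    kind: str      # "crash" or "oversized_admin_request"
    src: str
    detail: str


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["req_len"] = int(rec["req_len"])
    return rec


def detect(log_text):
    """Return alerts for crash events and oversized requests to admin endpoints."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole scan
        if rec["event"] in CRASH_EVENTS:
            alerts.append(Alert(rec["ts"], "crash", rec["src"], f"{rec['event']} event"))
        elif rec["uri"].startswith(ADMIN_URI_PREFIX) and rec["req_len"] > PAYLOAD_THRESHOLD:
            alerts.append(Alert(rec["ts"], "oversized_admin_request", rec["src"],
                                f"{rec['req_len']} bytes to {rec['uri']}"))
    return alerts


def correlate(alerts, window_seconds=60):
    """Pair each crash with oversized admin requests seen in the preceding window.

    Returns (crash_time, source_ip) tuples; these are the high-confidence hits.
    """
    window = timedelta(seconds=window_seconds)
    hits = []
    for crash in (a for a in alerts if a.kind == "crash"):
        for req in alerts:
            if req.kind == "oversized_admin_request" and crash.ts - window <= req.ts <= crash.ts:
                hits.append((crash.ts, req.src))
    return hits


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(a.ts.isoformat(), a.kind, a.src, a.detail)
    for ts, src in correlate(found):
        print(f"likely DoS: crash at {ts.isoformat()} preceded by oversized admin request from {src}")
```

On the sample data the 950-byte request to /files/list is ignored because only admin paths are in scope, and the crash is tied to the 1093-byte request from 203.0.113.7; tune the window to how quickly the server is observed to fall over in practice, and feed the (crash_time, src) pairs to whatever blocklist or ticketing step the incident process uses.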
