CVE-2024-53458

7.5 HIGH

📋 TL;DR

Sysax Multi Server 6.99 is vulnerable to denial of service when processing malicious SSH packets, causing service disruption. This affects organizations using this specific version of the file transfer and automation server software.

💻 Affected Systems

Products:
  • Sysax Multi Server
Versions: 6.99
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects version 6.99 only. Requires the SSH service to be enabled and reachable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of Sysax Multi Server, disrupting file transfers, scheduled tasks, and SSH-based automation workflows.

🟠 Likely Case

Temporary service disruption requiring manual restart of the Sysax Multi Server service.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and response.

🌐 Internet-Facing: HIGH - SSH services exposed to the internet are directly vulnerable to DoS attacks from any external source.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could disrupt business-critical file transfer operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available on Packet Storm. Attack requires network access to SSH port (default 22).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.00 or later

Vendor Advisory: https://www.sysax.com/

Restart Required: Yes

Instructions:

1. Download the latest version from the Sysax website.
2. Back up the configuration.
3. Install the update.
4. Restart the Sysax Multi Server service.

🔧 Temporary Workarounds

Restrict SSH Access

windows

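Limit SSH connections to trusted IP addresses only using firewall rules. The address ranges in the command below are examples; substitute your own trusted ranges. Because Windows Firewall allow rules are additive, this rule restricts access only if no broader inbound allow rule already covers the SSH port or the Sysax executable.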

netsh advfirewall firewall add rule name="Restrict Sysax SSH" dir=in action=allow protocol=TCP localport=22 remoteip=192.168.1.0/24,10.0.0.0/8

🧯 If You Can't Patch

  • Implement network segmentation to isolate Sysax server from untrusted networks
  • Deploy intrusion prevention system (IPS) with SSH DoS protection rules

🔍 How to Verify

Check if Vulnerable:

Check Sysax Multi Server version in Help > About menu or registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Sysax\Multi Server\Version

Check Version:

reg query "HKLM\SOFTWARE\Sysax\Multi Server" /v Version

Verify Fix Applied:

Verify version is 7.00 or higher and test SSH connectivity with normal operations.
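
Added example (not from the vendor or the original advisory): a PowerShell check that combines the registry version lookup above with an audit of the firewall workaround. It assumes the registry value is a dotted version string and that SSH listens on the default port 22; the variable names are illustrative.

```powershell
# Added example, not vendor code. Registry path, value name, fixed version and
# port come from this advisory; everything else is an assumption for illustration.
$SshPort = 22
$RegPath = 'HKLM:\SOFTWARE\Sysax\Multi Server'
$Fixed   = [version]'7.00'

# 1. Read the installed version (assumed to be a dotted string such as 6.99).
$raw = (Get-ItemProperty -Path $RegPath -Name Version -ErrorAction SilentlyContinue).Version
$installed = $null
if (-not $raw) {
    Write-Output "Version value not found under $RegPath"
} elseif (-not [version]::TryParse([string]$raw, [ref]$installed)) {
    Write-Output "Version '$raw' is not in dotted form; compare it by hand"
} elseif ($installed -lt $Fixed) {
    Write-Output "Version $raw is below the fixed version 7.00"
} else {
    Write-Output "Version $raw is 7.00 or later"
}

# 2. List enabled inbound allow rules that admit the SSH port over TCP from any
#    address. Such a rule defeats the restricted rule from the workaround,
#    because allow rules are additive. ActiveStore includes rules applied by
#    Group Policy. Port ranges (e.g. 20-25) are not expanded here.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Allow -Enabled True
$broad = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $protoOk = $port.Protocol -in 'TCP', 'Any'
    $portOk  = (@($port.LocalPort) -contains 'Any') -or (@($port.LocalPort) -contains "$SshPort")
    $anySrc  = @($addr.RemoteAddress) -contains 'Any'
    if ($protoOk -and $portOk -and $anySrc) {
        [pscustomobject]@{ Rule = $rule.DisplayName; Program = $app.Program; Profile = $rule.Profile }
    }
}

# Rules bound to an unrelated program are expected in the list; the Program
# column lets the reviewer discard them.
if ($broad) {
    Write-Output "Rules admitting TCP port $SshPort from any source (check the Program column):"
    $broad | Format-Table -AutoSize
} else {
    Write-Output "No enabled allow rule admits TCP port $SshPort from any source"
}
```

Run it from an elevated PowerShell session on the server itself.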

📡 Detection & Monitoring

Log Indicators:

  • Multiple SSH connection failures
  • Sysax service crash events in Windows Event Log
  • Unusual SSH packet patterns

Network Indicators:

  • Abnormal SSH traffic spikes
  • Malformed SSH packets to port 22
  • Connection floods from single source

SIEM Query:

(source="Sysax" AND (event_id=1000 OR event_id=1001)) OR (dest_port=22 AND bytes>1000 AND protocol="SSH")
