CVE-2012-10060

CRITICAL

Sysax Multi Server <5.55 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10060. PoCs published by Metasploit, Craig Freyman, Craig Freyman, sinn3r, including Metasploit module exploits/windows/ssh/sysax_ssh_username.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Sysax 5.53 SSH service by sending a maliciously crafted username, leading to remote code execution. It includes both DEP bypass (ROP) and non-DEP exploit variants.

Description

Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18557

This Metasploit module exploits a stack-based buffer overflow in Sysax 5.53 SSH service by sending a maliciously crafted username, leading to remote code execution. It includes both DEP bypass (ROP) and non-DEP exploit variants.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sysax Multi Server 5.53
No auth needed
Prerequisites: Network access to the target SSH service (port 22) · Ruby and Metasploit Framework
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Craig Freyman · pythonremotewindows
https://www.exploit-db.com/exploits/18535

This is a functional exploit for a buffer overflow vulnerability in Sysax Multi Server SSH (versions <= 5.53). It leverages an egghunter technique to achieve remote code execution (RCE) pre-authentication by overflowing the username field during SSH authentication.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sysax Multi Server SSH <= 5.53
No auth needed
Prerequisites: Network access to the target SSH service · Sysax Multi Server SSH version <= 5.53
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Craig Freyman, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ssh/sysax_ssh_username.rb

This Metasploit module exploits a buffer overflow vulnerability in Sysax SSH server by sending a maliciously crafted username, leading to remote code execution. It includes both ROP and non-ROP payloads for different target configurations.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sysax Multi Server 5.53
No auth needed
Prerequisites: Network access to the target SSH service · Sysax Multi Server 5.53 or earlier
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 9.8
EPSS 0.7948
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-121
Status published
Products (2)
sysax/multi_server < 5.55
Sysax Software/Multi Server < 5.55
Published Aug 13, 2025
Tracked Since Feb 18, 2026