CVE-2023-54337

CRITICAL

Sysax Multi Server 6.95 - Denial of Service via Administrative Password Field Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-54337. PoCs published by Luis Martínez.

AI-analyzed exploit summary: This PoC demonstrates a local Denial of Service (DoS) vulnerability in Sysax Multi Server 6.95 by overflowing the 'Password' field with a buffer of 800 'A' characters, causing the application to crash when saved.

Description

Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.

Exploits (1)

exploitdb WORKING POC
by Luis Martínez · text · dos · windows
https://www.exploit-db.com/exploits/51066

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Sysax Multi Server 6.95
Auth required
Prerequisites: Local access to the application · Administrative credentials to access server settings
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry (exploit): https://www.exploit-db.com/exploits/51066
Product (product): https://www.sysax.com/

Scores

CVSS v3 9.1
EPSS 0.0049
EPSS Percentile 38.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-1284
Status published
Products (1)
sysax/multi_server 6.95
Published Jan 13, 2026
Tracked Since Feb 18, 2026