CVE-2024-53458
Published: 05 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
Sysax Multi Server version 6.99 is affected by CVE-2024-53458, a denial-of-service vulnerability that occurs when the software processes specially crafted SSH packets. This flaw, mapped to CWE-400 (Uncontrolled Resource Consumption), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting its high impact on availability with no effects on confidentiality or integrity.
The vulnerability can be exploited remotely by unauthenticated attackers; it requires low attack complexity and no user interaction. By sending malicious SSH packets to the server, an attacker can trigger a DoS condition that renders the service unavailable.
Advisory information, including proof-of-concept details, is documented in references from PacketStorm Security: https://packetstormsecurity.com/files/182468/Sysax-Multi-Server-6.99-SSH-Denial-Of-Service.html and https://packetstorm.news/files/id/182468. Security practitioners should review these sources for additional technical insights and mitigation recommendations.
Details
- CWE(s): CWE-400 (Uncontrolled Resource Consumption)
- Affected Products: Sysax Multi Server 6.99
- MITRE ATT&CK Enterprise Techniques: T1499.004 Application or System Exploitation
Why these techniques?
The CVE describes a DoS condition from processing crafted SSH packets due to uncontrolled resource consumption (CWE-400), directly enabling T1499.004 Application or System Exploitation to crash/deny service availability.