CVE-2012-10060
Published: 13 August 2025
Summary
CVE-2012-10060 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Sysax Multi Server. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 1.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Requires timely identification, reporting, and patching of the known stack-based buffer overflow flaw in Sysax Multi Server SSH service, directly enabling upgrade to version 5.55 or later.
Implements memory protections such as address space layout randomization, data execution prevention, and stack canaries to block unauthorized code execution from stack buffer overflows.
Mandates bounds checking and validation of inputs like usernames to prevent buffer overflows during SSH authentication.
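The bounds check that the input-validation control calls for, sketched as an added example (this is not Sysax code and not from the original page). It assumes the user name arrives as an RFC 4251 `string` (a 32-bit big-endian length followed by the bytes), as it does in an SSH authentication request; `USERNAME_MAX`, `read_username` and `try_username` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 64 /* assumed limit for this sketch, not Sysax's real buffer size */

/* Vulnerable pattern described above, shown only as a comment:
 *     char user[USERNAME_MAX + 1];
 *     memcpy(user, pkt + 4, n);   // n is attacker-controlled and never checked
 */

/* Parse one RFC 4251 "string" (uint32 big-endian length, then bytes) holding the
 * user name. Returns 0 on success, -1 if the field must be rejected. */
int read_username(const uint8_t *pkt, size_t pkt_len, char out[USERNAME_MAX + 1])
{
    if (pkt_len < 4) return -1;                      /* no room for the length prefix */
    uint32_t n = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                 ((uint32_t)pkt[2] << 8)  |  (uint32_t)pkt[3];
    if (n > pkt_len - 4) return -1;                  /* claims more bytes than were received */
    if (n == 0 || n > USERNAME_MAX) return -1;       /* empty, or larger than the destination */
    if (memchr(pkt + 4, '\0', n) != NULL) return -1; /* embedded NUL would truncate later checks */
    memcpy(out, pkt + 4, n);
    out[n] = '\0';
    return 0;
}

/* Constructed input: `sent` copies of byte c behind a prefix claiming `claimed` bytes. */
int try_username(char c, uint32_t claimed, size_t sent)
{
    uint8_t pkt[4 + 512];
    char user[USERNAME_MAX + 1];
    if (sent > 512) return -2;                       /* helper limit, not a parser result */
    pkt[0] = (uint8_t)(claimed >> 24); pkt[1] = (uint8_t)(claimed >> 16);
    pkt[2] = (uint8_t)(claimed >> 8);  pkt[3] = (uint8_t)claimed;
    memset(pkt + 4, c, sent);
    return read_username(pkt, 4 + sent, user);
}

int main(void)
{
    printf("5-byte name:   %d\n", try_username('a', 5, 5));
    printf("200-byte name: %d\n", try_username('A', 200, 200));
    printf("lying prefix:  %d\n", try_username('a', 0xFFFFFFFFu, 5));
    return 0;
}
```

The length is checked twice on purpose: once against the bytes actually received and once against the destination size, so neither an over-read nor an over-write can occur.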
NVD Description
Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.
Deeper analysis (AI)
CVE-2012-10060 is a stack-based buffer overflow vulnerability (CWE-121) affecting the SSH service in Sysax Multi Server versions prior to 5.55. The issue arises when a remote attacker supplies an overly long username during authentication, causing the server to copy the input into a fixed-size stack buffer without proper bounds checking. This flaw enables remote code execution in the context of the service, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A remote, unauthenticated attacker can exploit this vulnerability by connecting to the SSH service and submitting a specially crafted, excessively long username. Successful exploitation leads to arbitrary code execution with the privileges of the Sysax Multi Server service, potentially allowing full system compromise on affected Windows hosts.
References include a CheckPoint advisory (cpai-23-sepc) and multiple public exploits, such as a Metasploit module for the Sysax SSH username overflow and Exploit-DB entries (18535, 18557), indicating the vulnerability has been publicly documented since 2012. Mitigation involves upgrading to Sysax Multi Server version 5.55 or later, as prior versions are vulnerable.
Public proof-of-concept exploits have been available since early 2012, including detailed write-ups and automated tools, highlighting the vulnerability's long-standing exposure despite its recent CVE assignment in 2025.
Details
- CWE(s)