CVE-2012-10060
Published: 13 August 2025
Summary
CVE-2012-10060 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Sysax Multi Server. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 0.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2012-10060 is a stack-based buffer overflow vulnerability (CWE-121) affecting the SSH service in Sysax Multi Server versions prior to 5.55. The issue arises when a remote attacker supplies an overly long username during authentication, causing the server to copy the input into a fixed-size stack buffer without proper bounds checking. This flaw enables remote code execution in the context of the service, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A remote, unauthenticated attacker can exploit this vulnerability by connecting to the SSH service and submitting a specially crafted, excessively long username. Successful exploitation leads to arbitrary code execution with the privileges of the Sysax Multi Server service, potentially allowing full system compromise on affected Windows hosts.
References include a Check Point advisory (cpai-23-sepc) and multiple public exploits, such as a Metasploit module for the Sysax SSH username overflow and Exploit-DB entries (18535, 18557), indicating that the vulnerability has been publicly documented since 2012. Mitigation involves upgrading to Sysax Multi Server version 5.55 or later, as prior versions are vulnerable.
Public proof-of-concept exploits have been available since early 2012, including detailed write-ups and automated tools, highlighting the vulnerability's long-standing exposure despite its recent CVE assignment in 2025.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2012-6601
Vulnerability details
Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in their SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A stack-based buffer overflow in a public-facing SSH service directly enables remote, unauthenticated code execution through exploitation of a network-accessible application (T1190).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of all input, including SSH usernames, to enforce length and format checks that would have blocked the oversized username triggering the stack overflow.
- SI-2 (Flaw Remediation): Mandates prompt application of vendor patches, directly eliminating the buffer-overflow flaw by upgrading Sysax Multi Server to version 5.55 or later.
- Memory protection: Implements memory-protection mechanisms (e.g., ASLR, DEP, stack canaries) that can block successful exploitation of the stack-based overflow even if malicious input reaches the service.
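As an added illustration of the SI-10 bounds check that the deeper analysis describes as missing, the following parser extracts the user name from an SSH_MSG_USERAUTH_REQUEST (RFC 4252) and rejects the field before any byte is copied if its attacker-controlled length exceeds the destination buffer. This is example code written for this page, not Sysax's (whose source is not public); MAX_USERNAME, the function names and the constructed packets are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_USERNAME 64   /* illustrative bound; the real server's buffer size is not public */

enum userauth_result {
    UA_OK = 0,
    UA_BAD_MSG,    /* not an SSH_MSG_USERAUTH_REQUEST (message number 50) */
    UA_TOO_LONG,   /* declared name length exceeds MAX_USERNAME: rejected */
    UA_TRUNCATED   /* declared length runs past the end of the packet */
};

/* RFC 4251 "string": uint32 length in network byte order, then the bytes. */
static uint32_t read_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Payload layout (RFC 4252): byte 50, string "user name", string service, string method.
 * The CWE-121 pattern copies `len` attacker-chosen bytes into a fixed stack buffer;
 * here both bounds are verified before a single byte is copied. */
enum userauth_result parse_userauth_name(const unsigned char *pkt, size_t pkt_len,
                                          char out[MAX_USERNAME + 1])
{
    if (pkt_len < 5 || pkt[0] != 50)
        return UA_BAD_MSG;
    uint32_t len = read_u32(pkt + 1);
    if (len > MAX_USERNAME)              /* SI-10: hard cap on the field length */
        return UA_TOO_LONG;
    if ((size_t)len > pkt_len - 5)       /* must fit inside what was actually received */
        return UA_TRUNCATED;
    memcpy(out, pkt + 5, len);
    out[len] = '\0';
    return UA_OK;
}

/* Constructed test input: a userauth request whose user name is n 'A' bytes. */
size_t build_userauth(unsigned char *buf, size_t cap, uint32_t n)
{
    if (cap < 5 || n > cap - 5) return 0;   /* overflow-safe capacity check */
    buf[0] = 50;
    buf[1] = (unsigned char)(n >> 24); buf[2] = (unsigned char)(n >> 16);
    buf[3] = (unsigned char)(n >> 8);  buf[4] = (unsigned char)n;
    memset(buf + 5, 'A', n);
    return 5u + n;
}
```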