Moxa has issued a critical security advisory regarding CVE-2023-38408, a severe vulnerability in OpenSSH affecting multiple Ethernet switch models.
The flaw, with a CVSS 3.1 score of 9.8, allows unauthenticated remote attackers to execute arbitrary code on vulnerable devices without requiring user interaction.
CVE-2023-38408 stems from an unreliable search path in the PKCS#11 feature of OpenSSH’s ssh-agent before 9.3p2.
| CVE ID | Severity | CVSS | Vulnerability | Impact |
|---|---|---|---|---|
| CVE-2023-38408 | Critical | 9.8 | SSH agent forwarding flaw | Remote code execution |
The vulnerability (CWE-428) is classified as an unquoted search path issue, enabling remote code execution when an SSH agent is forwarded to an attacker-controlled system.
This security flaw represents an incomplete fix for the earlier CVE-2016-10009 vulnerability.
Attackers can exploit this weakness to achieve complete system compromise, including breaches of confidentiality, integrity, and availability.
Affected Products
This vulnerability impacts multiple Moxa switch series.
| Product Series | Models | Vulnerable / Affected Firmware Versions | Action Required |
|---|---|---|---|
| EDS Series | EDS-G4000, EDS-4008, EDS-4009, EDS-4012, EDS-4014, EDS-G4008, EDS-G4012, EDS-G4014 | Firmware v4.1 or earlier | Upgrade firmware |
| RKS Series | RKS-G4000, RKS-G4028, RKS-G4028-L3 | Firmware v5.0 or earlier | Immediate attention/patch required |
Moxa recommends users immediately contact Moxa Technical Support to obtain the latest security patches.
Organizations using affected EDS-series devices should upgrade to firmware version 4.1.58, while RKS-series users should upgrade to version 5.0.4.
Until patches can be deployed, Moxa advises implementing restrictive network access controls, such as firewalls and ACLs, to limit communication to trusted networks only.
Organizations should segregate operational networks from enterprise networks using VLANs or physical separation, turn off unnecessary network services, and avoid exposing devices directly to the Internet.
Implementing multi-factor authentication, role-based access control, and continuous network traffic monitoring for anomalous activity adds an additional layer of security.
Regular vulnerability assessments and firmware update schedules are essential components of a comprehensive defense strategy.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
