As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.
Sign In
Home Support Security Advisories CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches

Product support

Security Advisories

Please sign in

Forgot your password?
Sign In
Remember Me.
Not a member? Sign up now
SUMMARY

CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches

This security advisory addresses a vulnerability identified in ethernet switches.

CVE-2023-38408

Because of an unreliable search path, the PKCS#11 feature in OpenSSH’s ssh-agent before 9.3p2 allows remote code execution if an agent is sent to a system controlled by an attacker. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: This issue exists because of an incomplete fix for CVE-2016-10009. (Source: cve.org)

CVE-2023-38408 is related to the SSH agent component and can only be exploited when SSH agent forwarding is enabled. However, in typical deployment scenarios, Moxa's ethernet switches operate as SSH servers and does not enable `ssh-agent` or agent forwarding functionality. Therefore, the practical risk is considered very low because the conditions required to trigger this vulnerability are not present by default. This issue is considered low risk, users may evaluate their environments and decide if updating is required.

 

The Identified Vulnerability Type and Potential Impact 

CVE ID Vulnerability Type Impact
CVE-2023-38408

CWE-428: Unquoted Search Path or Element

 Remote code execution if an agent is forwarded to an attacker-controlled system.

Vulnerability Scoring Details 

CVE ID
Base Score
Vector
 Severity

Unauthenticated

Remote Exploits
CVE-2023-38408

CVSS 3.1: 9.8

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

 Critical Yes
AFFECTED PRODUCTS AND SOLUTIONS

Solutions

Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are listed in the following table: 

Product Series Affected Versions Solutions

EDS-G4000 Series

  • EDS-4008 Series
  • EDS-4009 Series
  • EDS-4012 Series
  • EDS-4014 Series
  • EDS-G4008 Series
  • EDS-G4012 Series
  • EDS-G4014 Series
 Firmware v4.1 and earlier Please contact Moxa Technical Support for the security patch (v4.1.58)

RKS-G4000 Series

  • RKS-G4028 Series
  • RKS-G4028-L3 Series
 Firmware v5.0 and earlier Please contact Moxa Technical Support for the security patch (v5.0.4)

 

Mitigations

For users who may not be able to perform a firmware update, we provide the following recommended mitigation measures as an alternative to mitigate the risk associated with the vulnerability.

  • Refer to the General Security Recommendations section to further strengthen your security context.

 

General Security Recommendations

To safeguard devices and networks, we recommend implementing the following recommendations to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First release January 9, 2026
1.1 Added description for risk in Summary section February 26, 2026

Relevant Products

EDS-4008 Series · EDS-4009 Series · EDS-4012 Series · EDS-4014 Series · EDS-G4008 Series · EDS-G4012 Series · EDS-G4014 Series ·

  •   Print this page

  • Save
    You can manage and share your saved list in My Moxa
Related Advisories
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
 
 
Added To Bag

View Bag
You have some items waiting in your bag; click here to finish your quote!

You are currently on the Global / English site.
Would you like to go to the site for your region?

Feedback