[VULNERABILITY ALERT] MOXA High-Risk Security Vulnerability (CVE-2023-38408), Please Confirm and Patch Promptly

• Subject: [VULNERABILITY ALERT] MOXA High-Risk Security Vulnerability (CVE-2023-38408), Please Confirm and Patch Promptly

• Content Description:
  • Forwarded from National Information Sharing and Analysis Center (NISAC) Security Alert NISAC-200-202601-00000253
  • MOXA has recently released security updates to address an Unquoted Search Path vulnerability (CVE-2023-38408) in OpenSSH for its switch devices. This vulnerability allows an unauthenticated remote attacker to execute arbitrary code remotely via the SSH agent forwarding mechanism. Please confirm and perform patching as soon as possible.
• Affected Platforms:
  • EDS-G4000 series firmware v4.1 and earlier
  • RKS-G4000 series firmware v5.0 and earlier
• Recommended Actions:
  • Official security updates have been released. Please refer to the official advisory for update instructions: https://wwwmoxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches
• Reference Material:
  1. https://nvd.nist.gov/vuln/detail/CVE-2023-38408
  2. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches

Computer and Communication Center
Network Systems Division, Respectfully