CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches

Published: January 9, 2026

This Alert Is From MOXA

As Industrial IoT (IIoT) adoption continues to proliferate, cybersecurity has become one of the top priorities. The Moxa Product Security Incident Response Team (PSIRT) takes a proactive approach to protect products from cybersecurity vulnerabilities. Moxa PSIRT investigates all reports of vulnerabilities that could potentially affect Moxa products. Moxa created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Moxa’s customers have steady, unambiguous resources to help them understand how Moxa resolves or mitigates reported vulnerabilities. For any queries, please email PSIRT@moxa.com.

This security advisory addresses a vulnerability identified in Ethernet switches.

CVE-2023-38408

Because of an unreliable search path, the PKCS#11 feature in OpenSSH’s ssh-agent before 9.3p2 allows remote code execution if an agent is forwarded to a system controlled by an attacker. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: This issue exists because of an incomplete fix for CVE-2016-10009. (Source: cve.org)

Since this issue is considered high severity, users should immediately apply the solutions to mitigate associated security risks.
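
One way to inventory exposure to the condition described above, as an added example that is not part of Moxa's advisory: it flags OpenSSH version strings earlier than 9.3p2 and lists ssh_config blocks that enable agent forwarding. The function names, host names and sample strings are constructed for illustration, and a version string cannot show vendor backports, so the vendor's own firmware guidance remains authoritative.

```python
import re

# First fixed release per the CVE text, as (major, minor, micro, portable "p" level).
FIXED = (9, 3, 0, 2)
_VERSION = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")

def parse_openssh_version(text):
    """Extract a comparable tuple from an SSH banner or `ssh -V` line, else None."""
    m = _VERSION.search(text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_before_fix(text):
    """True if older than 9.3p2, False if not, None if no OpenSSH version is found."""
    version = parse_openssh_version(text)
    return None if version is None else version < FIXED

def forwarding_hosts(config_text):
    """Return the Host/Match patterns whose block enables agent forwarding."""
    current, flagged = "(global)", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Keyword value" and "Keyword=value"; keywords ignore case.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key in ("host", "match"):
            current = value
        elif key == "forwardagent" and value.lower() != "no":
            # "yes", a socket path, or a $VARIABLE all turn forwarding on.
            flagged.append(current)
    return flagged

# Constructed sample input (not taken from the advisory).
SAMPLE_BANNERS = ["SSH-2.0-OpenSSH_9.3p1", "OpenSSH_9.3p2, OpenSSL 3.0.9",
                  "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "SSH-2.0-dropbear_2022.83"]
SAMPLE_CONFIG = """\
Host jump.example.test
    ForwardAgent yes
Host switch-*.example.test
    ForwardAgent no
Host *
    User admin
"""

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r}: before 9.3p2 = {is_before_fix(banner)}")
    print("agent forwarding enabled for:", forwarding_hosts(SAMPLE_CONFIG))
```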

 

The Identified Vulnerability Type and Potential Impact

| CVE ID | Vulnerability Type | Impact |
| --- | --- | --- |
| CVE-2023-38408 | CWE-428: Unquoted Search Path or Element | Remote code execution if an agent is forwarded to an attacker-controlled system. |

Vulnerability Scoring Details

| CVE ID | Base Score | Vector | Severity | Unauthenticated Remote Exploits |
| --- | --- | --- | --- | --- |
| CVE-2023-38408 | CVSS 3.1: 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Critical | Yes |

This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches