Critical OpenSSH Vulnerability Exposes Moxa Ethernet Switches to Remote Code Execution

Critical OpenSSH Vulnerability Exposes Moxa Ethernet Switches to Remote Code Execution

Posted on By CWS

Moxa has issued a important safety advisory relating to CVE-2023-38408, a extreme vulnerability in OpenSSH affecting a number of Ethernet change fashions.

The flaw, with a CVSS 3.1 rating of 9.8, permits unauthenticated distant attackers to execute arbitrary code on weak gadgets with out requiring person interplay.

CVE-2023-38408 stems from an unreliable search path within the PKCS#11 characteristic of OpenSSH’s ssh-agent earlier than 9.3p2.

CVE IDSeverityCVSSVulnerabilityImpactCVE-2023-38408Critical9.8SSH agent forwarding flawRemote code execution

The vulnerability (CWE-428) is classed as an unquoted search path concern, enabling distant code execution when an SSH agent is forwarded to an attacker-controlled system.

This safety flaw represents an incomplete repair for the sooner CVE-2016-10009 vulnerability.

Attackers can exploit this weak spot to realize full system compromise, together with breaches of confidentiality, integrity, and availability.

Affected Merchandise

This vulnerability impacts a number of Moxa change sequence.

Product SeriesModelsVulnerable / Affected Firmware VersionsAction RequiredEDS SeriesEDS-G4000, EDS-4008, EDS-4009, EDS-4012, EDS-4014, EDS-G4008, EDS-G4012, EDS-G4014Firmware v4.1 or earlierUpgrade firmwareRKS SeriesRKS-G4000, RKS-G4028, RKS-G4028-L3Firmware v5.0 or earlierImmediate consideration/patch required

Moxa recommends customers instantly contact Moxa Technical Help to acquire the newest safety patches.

Organizations utilizing affected EDS-series gadgets ought to improve to firmware model 4.1.58, whereas RKS-series customers ought to improve to model 5.0.4.

Till patches may be deployed, Moxa advises implementing restrictive community entry controls, similar to firewalls and ACLs, to restrict communication to trusted networks solely.

Organizations ought to segregate operational networks from enterprise networks utilizing VLANs or bodily separation, flip off pointless community companies, and keep away from exposing gadgets on to the Web.

Implementing multi-factor authentication, role-based entry management, and steady community site visitors monitoring for anomalous exercise provides a further layer of safety.

Common vulnerability assessments and firmware replace schedules are important elements of a complete protection technique.

Comply with us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware Cyber Security News
New Stealthy Python Malware Leverages Discord to Steal Data From Windows Machines New Stealthy Python Malware Leverages Discord to Steal Data From Windows Machines Cyber Security News
New Phishing Attack Leverages Popular Brands to Harvest Login Credentials New Phishing Attack Leverages Popular Brands to Harvest Login Credentials Cyber Security News
20 Years old Proxy Botnet Network Dismantled That Exploits 1000 Unique Unpatched Devices Weekly 20 Years old Proxy Botnet Network Dismantled That Exploits 1000 Unique Unpatched Devices Weekly Cyber Security News
New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers Cyber Security News
UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages Cyber Security News