OpenSSH Vulnerability Allows Remote Code Execution on Unpatched Moxa Ethernet Switches

Related

Hackers Exploit Critical Auth Bypass in Gitea Docker Image

What happened Hackers are actively exploiting a critical authentication bypass...

Zimbra Urges Customers to Patch Critical Web Client XSS Flaw

What happened Zimbra urged customers to patch a critical stored...

Progress Urges ShareFile Customers to Shut Down Servers Over Credible Threat

What happened Progress Software warned ShareFile customers using Storage Zone...

Ubiquiti Discloses 25 Security Flaws Across UniFi Ecosystem

What happened Ubiquiti disclosed 25 security vulnerabilities affecting products across...

AirDrop and Quick Share Flaws Allow Attackers to Crash Nearby Devices

What happened Security researchers disclosed multiple vulnerabilities affecting Apple AirDrop...

Share

What happened

A critical OpenSSH vulnerability exposes Moxa ethernet switches to remote code execution. The issue arises from CVE-2023-38408, a flaw in the OpenSSH PKCS#11 search path mechanism affecting multiple Moxa switch models. This unquoted search path vulnerability (CVSS 9.8) allows unauthenticated remote attackers to execute arbitrary code on affected devices without user interaction. Vulnerable products include models in the EDS and RKS series running older firmware versions. The flaw is a consequence of an incomplete fix for a prior OpenSSH issue (CVE-2016-10009). Moxa has issued advisories and recommends firmware updates to secure versions. 

Who is affected

Organizations deploying Moxa Ethernet switches in operational or industrial environments are directly exposed to remote code execution if devices run unpatched firmware and are reachable over IP networks. 

Why CISOs should care

The vulnerability undermines core infrastructure components, enabling potential compromise of operational and network devices that support critical communications. Exploitation could lead to breaches of confidentiality, integrity, and availability in industrial and enterprise networks. 

3 practical actions

  • Apply firmware patches: Upgrade all affected switch firmware to versions recommended by the vendor.
  • Segment and restrict network access: Limit management access to trusted networks and implement ACLs or VLAN separation.
  • Monitor for anomalous activity: Increase detection coverage for unusual SSH connections or unexpected remote command execution attempts.
IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.