Moxa CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches
Act Now | 9.8 | MPSA-256261 | Jan 9, 2026
Summary
CVE-2023-38408 is an OpenSSH vulnerability in the ssh-agent component affecting Moxa ethernet switches. Due to an unreliable search path in the PKCS#11 feature, an attacker could achieve remote code execution if SSH agent forwarding is enabled and an agent is forwarded to an attacker-controlled system. The issue exists because of an incomplete fix for CVE-2016-10009. However, Moxa ethernet switches typically operate as SSH servers and do not enable ssh-agent or agent forwarding by default, making the practical risk very low in standard deployments.
What this means
What could happen
If SSH agent forwarding were enabled on a Moxa ethernet switch, an attacker could execute arbitrary code remotely. In typical deployments where agent forwarding is disabled by default, the risk is minimal, but if enabled, an attacker could potentially alter switch configuration or disrupt network operations.
Who's at risk
Network operators managing Moxa ethernet switches, particularly in industrial networks where switches are exposed to untrusted network segments or where SSH agent forwarding may have been enabled for administrative purposes. This affects all versions of Moxa's ethernet switches, though the default configuration has minimal risk.
How it could be exploited
An attacker would need to: (1) have SSH agent forwarding enabled on the target Moxa switch, (2) create a system that appears to be a legitimate destination for an SSH agent connection, and (3) trick or intercept the agent connection and exploit the unreliable search path in ssh-agent to load malicious code.
Prerequisites
- SSH agent forwarding must be explicitly enabled on the Moxa ethernet switch
- Network access to SSH port (typically 22) on the switch
- Attacker must be able to create or control a system that receives the SSH agent connection
remotely exploitable | high CVSS score (9.8) | high EPSS score (69.2%) | no patch available | requires non-default configuration to exploit
Exploitability
High exploit probability (EPSS 69.2%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Ethernet Switches | All versions | No fix yet |
Remediation & Mitigation
Do now
- HARDENING: Review switch SSH configuration to confirm SSH agent forwarding is disabled (verify `AllowAgentForwarding no` in sshd_config or equivalent)
- HARDENING: Restrict SSH access to the ethernet switch to trusted management networks using firewall rules or network segmentation
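An added example (not Moxa's or this advisory's own code) of the `AllowAgentForwarding` check above, run against the text of an exported `sshd_config`-style file. It assumes stock OpenSSH semantics (the first global value wins, the default when the keyword is absent is `yes`, and `Match` blocks can override the global value), does not follow `Include` directives, and uses constructed sample configs; the function name is hypothetical.

```python
import re

# Constructed sample configs for illustration (not taken from any Moxa device).
SAMPLE_EXPLICIT_NO = "Port 22\nAllowAgentForwarding no\n"
SAMPLE_MISSING = "Port 22\nPermitRootLogin no\n"
SAMPLE_MATCH_OVERRIDE = (
    "AllowAgentForwarding no\n"
    "Match User admin\n"
    "    AllowAgentForwarding yes\n"
)


def audit_agent_forwarding(config_text):
    """Hypothetical helper: list findings; an empty list means forwarding is off everywhere."""
    findings = []
    global_value = None  # sshd uses the first value it obtains for a keyword
    match_ctx = None     # criteria of the Match block being read, if any
    match_done = set()   # Match blocks whose first value was already judged
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace and/or one '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match_ctx = value  # a Match block runs until the next Match or EOF
        elif key == "allowagentforwarding":
            value = value.lower()
            if match_ctx is None:
                if global_value is None:
                    global_value = value
            elif match_ctx not in match_done:
                match_done.add(match_ctx)
                if value != "no":
                    findings.append(
                        f"line {lineno}: Match '{match_ctx}' sets AllowAgentForwarding {value}")
    if global_value is None:
        findings.insert(0, "no global AllowAgentForwarding line: sshd default is yes")
    elif global_value != "no":
        findings.insert(0, f"global AllowAgentForwarding is {global_value}")
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_EXPLICIT_NO", "SAMPLE_MISSING", "SAMPLE_MATCH_OVERRIDE"):
        print(name, audit_agent_forwarding(globals()[name]) or "OK")
```

A config that never mentions the keyword is reported, because a missing line leaves the OpenSSH default of `yes` in effect.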
Long-term hardening
- HOTFIX: Monitor Moxa advisories and firmware releases for patches to OpenSSH components when they become available
- HARDENING: Consider disabling SSH access entirely on switches if management can be performed through alternative secure channels (e.g., dedicated management VLAN with out-of-band access)
CVEs (2)