【資安漏洞預警】MOXA存在高風險安全漏洞(CVE-2023-38408)，請儘速確認並進行修補

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】MOXA存在高風險安全漏洞(CVE-2023-38408)，請儘速確認並進行修補 [Security Vulnerability Alert] MOXA contains a high-risk security vulnerability (CVE-2023-38408). Please confirm and patch it as soon as possible.
公告內容	轉發國家資安資訊分享與分析中心資安訊息警訊 NISAC-200-202601-00000253 [內容說明] MOXA近期已發布安全性更新，修補交換器設備中OpenSSH不帶引號搜尋路徑(Unquoted Search Path)之漏洞(CVE-2023-38408)，該漏洞允許未經身分鑑別之遠端攻擊者透過SSH金鑰轉發機制於遠端執行任意程式碼，請儘速確認並進行修補。 [影響平台] EDS-G4000系列韌體v4.1(含)以前版本 RKS-G4000系列韌體v5.0(含)以前版本 [建議措施] 官方已針對漏洞釋出修復更新，請參考官方說明進行更新，網址如下： https://wwwmoxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches [參考資料] 1. https://nvd.nist.gov/vuln/detail/CVE-2023-38408 2. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202601-00000253 [Content Description] MOXA recently released a security update patching a vulnerability (CVE-2023-38408) in its OpenSSH Unquoted Search Path mechanism on switches. This vulnerability allows unauthenticated remote attackers to execute arbitrary code remotely via SSH key forwarding. Please verify and patch this vulnerability as soon as possible. [Affected Platforms] EDS-G4000 series firmware v4.1 and earlier RKS-G4000 series firmware v5.0 and earlier [Recommended Actions] The official patch has been released. Please refer to the official instructions for updating. The URL is as follows: https://wwwmoxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches [References] 1. https://nvd.nist.gov/vuln/detail/CVE-2023-38408 2. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches
相關訊息
公告時間	2026/1/20 至 2026/7/20	點閱次數	119