Skip to main content

Impact of the CVE-2023-38408 vulnerability on our products

I. Vulnerability summary

July 19, 2023

CVE-2023-38408: A vulnerability exists in the OpenSSH encryption suite and tool collection. The issue is based on an insufficient fix to the CVE-2016-10009 vulnerability, which OpenSSH 7.4 was supposed to patch in 2017. The PKCS#11 function in the ssh-agent in OpenSSH before 9.3p2 uses an untrusted search path, allowing attackers to inject and execute malicious code if an ssh-agent is forwarded to an attacker-controlled system. Version 9.3p2 closes the vulnerability.

II. Impact on our products

TA Triumph-Adler products are not affected by this vulnerability.