Cisco MDS: OpenSSH Remote Code Execution (RCE) Vulnerability in its forwarded ssh-agent

Summary: A customer's Qualys scan flagged CVE-2023-38408.


Symptoms

Symptoms:
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol.
OpenSSH contains the following vulnerabilities:
A Qualys scan discovered the vulnerability CVE-2023-38408:
- This is a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket.

Affected Versions:
OpenSSH versions prior to 9.3p2

Cause

Resolution

Workaround:
Not Applicable.

Further Problem Description:
PKCS#11 is not supported on MDS 9000, and the MDS 9000 is not vulnerable to CVE-2023-38408 at any NX-OS version. Cisco MDS series switches are not vulnerable, and the issue is not exploitable on them.
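
The following triage helper is an added example, not part of the original article or any Dell, Cisco or Qualys tooling. It compares an OpenSSH version string against the "prior to 9.3p2" boundary given above and lets the analyst record a vendor statement that PKCS#11 is unsupported, as this article makes for MDS 9000. The function names, result labels and sample banners are assumptions constructed for illustration.

```python
import re

# First version outside the article's "prior to 9.3p2" range:
# (major, minor, micro, portable patch level).
FIXED = (9, 3, 0, 2)

# Accepts forms such as "OpenSSH_8.9p1", "OpenSSH_9.3" and "OpenSSH_3.6.1p2".
_BANNER = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, micro, portable) or None if no OpenSSH version is found."""
    match = _BANNER.search(banner)
    if match is None:
        return None
    major, minor, micro, portable = match.groups()
    return (int(major), int(minor), int(micro or 0), int(portable or 0))


def triage(banner, pkcs11_supported=True):
    """Classify a version-based scanner finding for CVE-2023-38408.

    pkcs11_supported is set by the analyst from the vendor's statement;
    it cannot be derived from the banner (assumption of this example).
    """
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"
    if version >= FIXED:
        return "not-affected-version"
    if not pkcs11_supported:
        # Version string is in range, but the vulnerable code path is absent.
        return "affected-version-not-exploitable"
    return "affected-version"


if __name__ == "__main__":
    # Constructed sample banners, not captured from any real device.
    samples = [
        ("SSH-2.0-OpenSSH_9.3p1", True),
        ("SSH-2.0-OpenSSH_9.3p2", True),
        ("SSH-2.0-OpenSSH_8.3", False),  # platform without PKCS#11 support
        ("SSH-2.0-dropbear_2022.83", True),
    ]
    for banner, pkcs11 in samples:
        print(f"{banner:28} pkcs11={pkcs11!s:5} -> {triage(banner, pkcs11)}")
```

A version-only comparison is what produces findings like the one in this article, so the "affected-version-not-exploitable" result is the case documented here.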

Affected Products

Connectrix MDS-9710-V2, Connectrix MDS-Series Hardware
Article Properties
Article Number: 000248800
Article Type: Solution
Last Modified: 12 Mar 2025
Version: 2