Skip to main content

Safety-related information:

Impact of the CVE-2023-38408 vulnerability on our products

I. Summary of the vulnerability


CVE-2023-38408: A security vulnerability exists in the OpenSSH encryption suite and tool collection. The issue is based on an insufficient fix to the CVE-2016-10009 vulnerability, which OpenSSH 7.4 was supposed to patch in 2017. The PKCS#11 function in the ssh-agent in OpenSSH before 9.3p2 uses an untrusted search path, allowing attackers to inject and execute malicious code if an ssh-agent is forwarded to an attacker-controlled system. Version 9.3p2 closes the vulnerability.

II. Effects on our products

TA Triumph-Adler products are not affected by this vulnerability.