Question:
Are any AMX products effected by CVE-2023-38408?
Answer:
A vulnerability was identified in relation to the use of OpenSSH within Linux-run systems on Tuesday July 25th, 2023 (CVE-2023-38408). This vulnerability can lead to remote code execution if an agent is forwarded to an attacker-controlled system.
AMX has assessed all products and services for usage of OpenSSH within our systems and has concluded that there is medium risk of exposure of this vulnerability described by CVE-2023-38408.
We are currently patching these systems to OpenSSH v9.3p2 and will have a release available soon.
Systems that are affected:
All NX controllers, including internal NX controllers within the DVX and DGX product lines. (Firmware hotfix versions are available after July 31st 2023 via Tech Support).
All Precis 4K60 HDMI Switchers.
All Jetpack distance transport switchers.