Security

Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic

Cisco warns of a high-severity vulnerability in Nexus 9000 series switches that can allow attackers to read or modify encrypted traffic.

Cisco disclosed a high-severity vulnerability, tracked as CVE-2023-20185 (CVSS Score 7.4), in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode.

An unauthenticated, remote attacker can exploit the flaw to read or modify encrypted traffic.

“This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption.” reads the advisory published by Cisco. “A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.”

Cisco Nexus 9000 Series Fabric Switches in ACI mode running releases 14.0 and later, that are part of a Multi-Site topology, and that have the CloudSec encryption feature enabled are impacted by this issue.

The vulnerability impacts Nexus 9332C and Nexus 9364C fixed spine switches, and Nexus 9500 spine switches equipped with a Nexus N9K-X9736C-FX line card.

The IT giant has not released security updates to address this flaw. The company recommends customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card to disable it and contact their support organization to evaluate alternative options.

The company Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild exploiting this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Nexus 9000)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor…

41 minutes ago

Lazarus APT targeted employees at an unnamed nuclear-related organization

North Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024. Kaspersky…

7 hours ago

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

24 hours ago

Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

1 day ago

US charged Dual Russian and Israeli National as LockBit Ransomware developer

US authorities charged a dual Russian and Israeli national for being a developer of the…

1 day ago

BadBox rapidly grows, 190,000 Android devices infected

Experts uncovered a botnet of 190,000 Android devices infected by BadBox bot, primarily Yandex smart…

2 days ago

This website uses cookies.