"Cisco Enterprise Switch Flaw Exposes Encrypted Traffic"

Cisco recently discovered a critical security flaw in the Cisco Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption feature that could allow attackers to read or alter encrypted inter-site traffic. The vulnerability (CVE-2023-20185) affects Cisco Nexus 9000 Series Fabric Switches running releases 14.0 and later, specifically when they are part of a multi-site topology and have the CloudSec encryption feature enabled. Cisco attributed the vulnerability to an implementation issue with the ciphers used by the CloudSec encryption feature on the affected switches. Cisco stated that although CloudSec encryption is designed to protect data transmitted between sites, an unauthenticated attacker positioned between ACI sites could exploit the vulnerability to intercept and compromise that encrypted traffic. Cisco has not yet released software updates to address the vulnerability, and no workarounds are available. Cisco advised customers currently using the Cisco ACI Multi-Site CloudSec encryption feature on the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card to disable it and to contact their support organization to evaluate alternative options.


Infosecurity reports: "Cisco Enterprise Switch Flaw Exposes Encrypted Traffic"

Submitted by Anonymous on