Security News > 2023 > July > Cisco warns of bug that lets attackers break traffic encryption
Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic.
Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches.
The vulnerability only impacts Cisco Nexus 9332C, 9364C, and 9500 spine switches only if they are in ACI mode, are part of a Multi-Site topology, have the CloudSec encryption feature enabled, and are running firmware 14.0 and later releases.
To find out if CloudSec encryption is being used across an ACI site, go to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity on the Cisco Nexus Dashboard Orchestrator and check if "CloudSec Encryption" is marked as "Enabled."
To check whether CloudSec encryption is enabled on a Cisco Nexus 9000 Series switch, run the show cloudsec sa interface all command via the switch command line.
Cisco warns of critical switch bugs with public exploit code.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-20185 | Inadequate Encryption Strength vulnerability in Cisco Nx-Os A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. | 7.4 |