Cisco Enterprise Switch Flaw Exposes Encrypted Traffic

A critical security flaw has been discovered in the Cisco Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption feature, potentially allowing hackers to read or alter inter-site encrypted traffic. 

The vulnerability (CVE-2023-20185) affects Cisco Nexus 9000 Series Fabric Switches running releases 14.0 and later, specifically when they are part of a multi-site topology and have the CloudSec encryption feature enabled.

Disclosing the vulnerability on Wednesday, Cisco said it is attributed to an implementation issue with the ciphers used by the CloudSec encryption feature on the affected switches.

While CloudSec encryption is designed to protect data transmitted between sites, Cisco said that, by exploiting the vulnerability, an unauthenticated attacker positioned on the network path between ACI sites could intercept and compromise the encrypted traffic.

“A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites,” the company said.

At present, Cisco has not released any software updates to address this vulnerability and no workarounds are available. 

“Customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable it and to contact their support organization to evaluate alternative options,” Cisco advised.

By turning off the feature, organizations can reduce the risk of unauthorized access and data manipulation that stems from the flawed cipher implementation. Disabling CloudSec does, however, remove the encryption itself, so inter-site traffic then crosses the inter-site network without that protection, which is why Cisco also advises evaluating alternatives with its support organization.

Notably, Cisco Nexus 9000 Series Switches running in standalone NX-OS mode are not affected by this flaw.

At the time of disclosure, Cisco was not aware of any public announcements or instances of malicious exploitation of this vulnerability. Cisco’s Product Security Incident Response Team (PSIRT) discovered the flaw during internal security testing.

The Cisco advisory comes weeks after a Florida man pleaded guilty to making over $100m from importing and selling counterfeit Cisco networking devices.