Cisco has recently warned customers about a new high-severity vulnerability that affects select data center switch models. The security flaw, which is tracked as CVE-2023-20185, could enable unauthenticated attackers to read or modify encrypted traffic.
“This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption,” Cisco explained.
CloudSec encryption is a feature that enables secure communication between sites in Cisco ACI Multi-Site deployments. It encrypts the connections between the spine switches, which use an external IP network to link the different sites.
According to Cisco, the security vulnerability affects Cisco 9000 Series Fabric Switches in ACI mode running version 14.0 and newer. Moreover, the switches need to have the CloudSec encryption feature enabled and be part of a multi-site topology. The flaw also impacts Cisco Nexus 9332C, 9364C, and 9500 spine switches with the Nexus N9K-X9736C-FX line card.
As of this writing, Cisco hasn’t released security patches to mitigate the vulnerability in enterprise environments. The Product Security Incident Response Team (PSIRT) didn’t find any evidence that the flaw is under active exploitation in the wild.
In the meantime, Cisco suggests that IT admins disable the ACI multi-site CloudSec encryption feature on vulnerable data center switches. It’s also recommended that administrators contact their vendor to evaluate alternative solutions.
Cisco has recently released updates to patch four security vulnerabilities in Webex Meetings, Duo Authentication Proxy, and BroadWorks. The company confirmed that the flaws could lead to cross-site scripting (XSS)/cross-site request forgery (CSRF) attacks, privilege escalation, and data leaks. You can find more details about the vulnerabilities on Cisco’s security advisories page.