Cisco has issued a warning to its customers regarding a high-severity vulnerability affecting certain data center switch models, which enables attackers to tamper with encrypted traffic.
Tracked as CVE-2023-20185, the flaw was discovered during internal security testing of the ACI Multi-Site CloudSec encryption feature in Cisco Nexus 9000 Series Fabric Switches.
Furthermore, the vulnerability specifically impacts Cisco Nexus 9332C, 9364C, and 9500 spine switches in ACI mode, with CloudSec encryption enabled, and running firmware 14.0 and later releases.
Exploiting this vulnerability allows unauthenticated attackers to remotely read or modify intersite encrypted traffic. Cisco attributes the vulnerability to an issue in the implementation of the ciphers used by the CloudSec encryption feature on the affected switches. Currently, there is no patch available, and Cisco has not detected any signs of active exploitation.
At the same time, customers using the affected data center switches are advised to disable the vulnerable feature and seek guidance from their support organization for alternative solutions.
To determine if CloudSec encryption is enabled, users can check the Cisco Nexus Dashboard Orchestrator (NDO) and run specific commands on the Cisco Nexus 9000 Series switch. Cisco’s Product Security Incident Response Team (PSIRT) has not found evidence of public exploit code targeting the vulnerability or any reported instances of exploitation.
In addition to this vulnerability, Cisco is actively working on patching other security flaws, including critical remote code execution flaws in its Small Business Series Switches and a cross-site scripting (XSS) bug in the Prime Collaboration Deployment (PCD) server management tool.
