High-severity vulnerability in Cisco Enterprise Switches
Cisco has issued a recent warning to its customers regarding a significant vulnerability that has been discovered in its Nexus 9000 series switches. This vulnerability, identified as CVE-2023-20185, poses a high-level risk as it grants unauthorized attackers the ability to intercept and manipulate network traffic without the need for authentication.
Specifically, this vulnerability targets the ACI multi-site CloudSec encryption feature utilized in Nexus 9000 switches. These switches are commonly employed in data centers, particularly in application-centric infrastructure (ACI) mode, where they manage both physical and virtual networks.
The vulnerability originates from a flaw in the implementation of the ciphers used by the CloudSec encryption feature. By exploiting this flaw, a remote attacker can gain access to encrypted traffic between sites and compromise the encryption through the use of cryptanalytic techniques. Consequently, this allows the attacker to either read or modify the blocked traffic as desired.
To be affected by this vulnerability, Cisco Nexus 9000 Series Fabric Switches must be running versions 14.0 or later in ACI mode. Additionally, the switches must be part of a multi-site topology and have the CloudSec encryption feature enabled.