Cisco Warns of Vulnerability in Nexus 9000 Series Fabric Switches
Cisco has warned of a vulnerability in the Nexus 9000 Series Fabric Switches that could allow attackers to read or modify encrypted traffic. The flaw lies in how the CloudSec encryption feature on the affected switches implements the keys it applies to that traffic.
An attacker positioned on the network path between two ACI sites could intercept the encrypted traffic exchanged between them and then use cryptanalysis to break the encryption, allowing them to read or modify the traffic passing between the two locations.
Affected Versions
The vulnerability affects Cisco Nexus 9000 Series Fabric Switches running in ACI mode on release 14.0 or later, provided they are part of a Multi-Site topology and have CloudSec encryption enabled. The affected hardware is the Nexus 9332C and Nexus 9364C fixed spine switches and Nexus 9500 spine switches fitted with a Nexus N9K-X9736C-FX line card.
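As an added illustration that is not part of the original article or of any Cisco tool, the check below applies the conditions listed above (ACI mode, release 14.0 or later, Multi-Site, CloudSec enabled, and one of the named spine models or the N9K-X9736C-FX line card) to an inventory and lists the switches where CloudSec should be reviewed. The inventory records and their field names are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Affected hardware as named in the article. A Nexus 9500 spine is affected
# only when it carries the N9K-X9736C-FX line card.
AFFECTED_FIXED_SPINES = {"Nexus 9332C", "Nexus 9364C"}
AFFECTED_9500_LINE_CARD = "N9K-X9736C-FX"
MIN_AFFECTED_RELEASE = (14, 0)

@dataclass
class Switch:
    # Field names are assumptions for this example, not a Cisco data model.
    name: str
    model: str
    version: str           # ACI switch release string, e.g. "15.2(4d)"
    aci_mode: bool
    multisite: bool
    cloudsec_enabled: bool
    line_cards: list = field(default_factory=list)

def parse_release(version: str) -> tuple:
    """Return (major, minor) from a release string such as "14.2(7f)"."""
    m = re.match(r"^\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised release string: {version!r}")
    return int(m.group(1)), int(m.group(2))

def is_affected(sw: Switch) -> bool:
    """Advisory conditions: ACI mode, 14.0+, Multi-Site, CloudSec on, listed hardware."""
    if not (sw.aci_mode and sw.multisite and sw.cloudsec_enabled):
        return False
    if parse_release(sw.version) < MIN_AFFECTED_RELEASE:
        return False
    if sw.model in AFFECTED_FIXED_SPINES:
        return True
    return sw.model.startswith("Nexus 9500") and AFFECTED_9500_LINE_CARD in sw.line_cards

def triage(inventory) -> list:
    """Names of switches whose CloudSec configuration needs review pending a fix."""
    return [sw.name for sw in inventory if is_affected(sw)]

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    Switch("spine-a", "Nexus 9364C", "15.2(4d)", True, True, True),
    Switch("spine-b", "Nexus 9500", "14.2(7f)", True, True, True, ["N9K-X9736C-FX"]),
    Switch("spine-c", "Nexus 9500", "15.1(3e)", True, True, True, ["OTHER-LC-EXAMPLE"]),
    Switch("spine-d", "Nexus 9332C", "13.2(9b)", True, True, True),   # below 14.0
    Switch("spine-e", "Nexus 9364C", "15.0(1k)", True, True, False),  # CloudSec off
]
```

Running `triage(SAMPLE_INVENTORY)` returns the two switches that meet every condition; the others drop out on line card, release or CloudSec state.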
No Patch or Workaround Available
Cisco has not yet released a patch for the vulnerability, and no workaround is available. Until a fix ships, the company advises customers to temporarily disable the CloudSec feature on the affected Nexus 9000 Series switches with the Nexus N9K-X9736C-FX line card and to contact Cisco support about alternative options.