News

Vulnerability in Cisco Switches Allows Interference with Encrypted Traffic

Security Parrot Editorial Team

Cisco Alerts Customers of Serious Vulnerability Affecting Data Center Switches

Cisco engineers have alerted customers to a serious vulnerability affecting some data center switch models. The vulnerability has received the identifier CVE-2023-20185 and allows attackers to interfere with encrypted traffic.
The issue was discovered during an internal security audit of ACI Multi-Site CloudSec encryption on the Cisco Nexus 9000 Series data center switches.

Affected Devices

The bug only affects the Cisco Nexus 9332C, 9364C, and 9500 switches (the latter equipped with the Cisco Nexus N9K-X9736C-FX line card), and only if they are in ACI mode, use the Multi-Site topology, CloudSec encryption is enabled, and on devices are running firmware 14.0 or later.

Exploitation of Vulnerability

Successful exploitation of CVE-2023-20185 allows unauthenticated attackers to remotely read or modify encrypted site-to-site traffic exchanged between sites.
“This vulnerability is related to the implementation of the ciphers used by the CloudSec function on vulnerable switches,” Cisco explains. “An attacker located between ACI sites could exploit the vulnerability by intercepting encrypted site-to-site traffic and using cryptanalytic techniques to break the encryption.”
Cisco developers have not yet released patches to fix CVE-2023-20185, so customers using affected devices are advised to temporarily disable the problematic feature and contact support for alternative solutions.
Cisco has been at the forefront of cybersecurity for many years, and this vulnerability is a reminder of the importance of staying up-to-date with the latest security updates. It is also a reminder of the importance of having a comprehensive security strategy in place to protect against potential threats.
The vulnerability is a serious one, and customers should take the necessary steps to protect their data and networks. Cisco has provided guidance on how to mitigate the risk of exploitation, and customers should follow these instructions to ensure their systems remain secure.
In the meantime, customers should also be aware of the potential risks associated with using vulnerable devices and should take steps to ensure their networks are secure. This includes regularly patching and updating their systems, using strong passwords, and monitoring their networks for suspicious activity.
It is also important to note that this vulnerability only affects certain devices and configurations, so customers should check their systems to ensure they are not affected.
Overall, this vulnerability is a reminder of the importance of staying vigilant and taking the necessary steps to protect against potential threats. Customers should take the necessary steps to ensure their systems remain secure and contact Cisco support for further assistance.

Weekly Updates For Our Loyal Readers!

Share this Article
Lost your password?