Cisco today notified customers of a high-severity vulnerability affecting certain models of data center switches that allows attackers to tamper with encrypted traffic.

Tracked as CVE-2023-20185, the flaw was discovered during internal security testing in the ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 series fabric switches in the data center.

The vulnerability affects only Cisco Nexus 9332C, 9364C, and 9500 spine switches (the latter with a Cisco Nexus N9K-X9736C-FX line card), and only if they are running in ACI mode, are part of a multi-site topology, have the CloudSec encryption feature enabled, and are running firmware 14.0 or later.

Successful exploitation allows unauthenticated attackers to remotely read or modify encrypted intersite traffic exchanged between sites.

“This vulnerability is due to an implementation issue with the ciphers used by the CloudSec encryption feature on the affected switches,” Cisco said.

“An attacker with a position in the path between ACI sites could exploit this vulnerability by intercepting encrypted intersite traffic and using cryptanalysis techniques to break the encryption.”

No patches and no signs of active exploitation

Cisco has not yet released software updates to address the CVE-2023-20185 vulnerability. Customers using affected data center switches are advised to disable the vulnerable feature and seek advice from their support organization to explore alternative solutions.

To find out if CloudSec encryption is used on an ACI site, go to Infrastructure > Site Connectivity > Configure > Sites > site name > Inter-site Connectivity on Cisco Nexus Dashboard Orchestrator (NDO) and check whether “CloudSec Encryption” is marked as “Enabled”.

To check if CloudSec encryption is enabled on a Cisco Nexus 9000 Series switch, run the show cloudsec sa interface all command from the switch command line. If the output shows an ‘Operational Status’ of enabled for any interface, CloudSec encryption is enabled.
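For fleets of more than a handful of spines, the check above is easier to run from a script that collects the CLI output and flags only the switches that match every condition in the advisory. The following is an added example, not code from the original article or from Cisco; the layout of the command output it parses is a constructed assumption (adjust the regular expressions to what your switches actually print), and the inventory fields passed to is_exposed are hypothetical names chosen for this example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of what `show cloudsec sa interface all` might print on an
# affected Nexus 9000 switch. The exact layout is an assumption for this example.
SAMPLE_OUTPUT = """\
Interface: Ethernet1/49
  Operational Status: enabled
  Cipher: GCM-AES-XPN-256
Interface: Ethernet1/50
  Operational Status: disabled
Interface: Ethernet1/51
  Operational Status: enabled
  Cipher: GCM-AES-XPN-256
"""

INTERFACE_RE = re.compile(r"^\s*Interface:\s*(\S+)", re.IGNORECASE)
STATUS_RE = re.compile(r"^\s*Operational Status:\s*(\S+)", re.IGNORECASE)

# Models named in the advisory. The 9500 is only affected with the
# N9K-X9736C-FX line card, which is checked separately below.
AFFECTED_MODELS = {"N9K-C9332C", "N9K-C9364C", "N9K-C9500"}
AFFECTED_LINECARD = "N9K-X9736C-FX"


def parse_cloudsec_status(output: str) -> Dict[str, str]:
    """Map each interface named in the CLI output to its operational status."""
    status: Dict[str, str] = {}
    current: Optional[str] = None
    for line in output.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            current = m.group(1)
            status.setdefault(current, "unknown")
            continue
        m = STATUS_RE.match(line)
        if m and current is not None:
            status[current] = m.group(1).lower()
    return status


def cloudsec_enabled_interfaces(output: str) -> List[str]:
    """Interfaces whose CloudSec SA is operationally enabled."""
    return [ifc for ifc, st in parse_cloudsec_status(output).items() if st == "enabled"]


def firmware_at_least_14(version: str) -> bool:
    """True when the leading major.minor of an ACI version string is >= 14.0."""
    m = re.match(r"(\d+)\.(\d+)", version)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= (14, 0)


def is_exposed(model: str, linecards: List[str], aci_mode: bool,
               multisite: bool, firmware: str, cli_output: str) -> bool:
    """Apply every condition from the advisory; all must hold to be exposed.

    Inventory field names here are hypothetical, chosen for this example."""
    model_hit = model in AFFECTED_MODELS
    if model == "N9K-C9500":
        model_hit = AFFECTED_LINECARD in linecards
    return (model_hit and aci_mode and multisite
            and firmware_at_least_14(firmware)
            and len(cloudsec_enabled_interfaces(cli_output)) > 0)


def assess_switch(hostname: str, **inventory) -> str:
    """One-line triage verdict for an inventory report."""
    if is_exposed(**inventory):
        ifcs = ", ".join(cloudsec_enabled_interfaces(inventory["cli_output"]))
        return f"{hostname}: EXPOSED to CVE-2023-20185, CloudSec enabled on {ifcs}"
    return f"{hostname}: not exposed"


if __name__ == "__main__":
    # Constructed inventory record for one spine switch.
    print(assess_switch("spine-1", model="N9K-C9332C", linecards=[],
                        aci_mode=True, multisite=True, firmware="14.2(7f)",
                        cli_output=SAMPLE_OUTPUT))
```

The per-condition split matters because a switch with CloudSec enabled but not in a multi-site ACI topology, or on firmware below 14.0, is not covered by the advisory; reporting only the CLI result would overstate exposure, while reporting only the model list would miss the feature-dependent nature of the flaw.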

The company’s Product Security Incident Response Team (PSIRT) has yet to find evidence of public exploits targeting the bug or that the flaw has been exploited in attacks.

In May, the company also addressed four critical remote code execution flaws with public exploit code affecting multiple Small Business Series switches.

Cisco is also working on a fix for a cross-site scripting (XSS) bug in the Prime Collaboration Deployment (PCD) server management tool, reported by Pierre Vivegnis of the NATO Cyber Security Centre (NCSC).
