Cisco is warning customers of a vulnerability in its Nexus 9000 Series Fabric Switches. Due to CVE-2023-20185, hackers are able to read or modify encrypted traffic.
According to Cisco, the vulnerability is related to the implementation of the keys used by the CloudSec encryption functionality on the affected series of switches.
Hackers on the connection path between two ACI sites could use the vulnerability to intercept the encrypted traffic between the two sites. They can then use cryptanalysis techniques to break the encryption.
Ultimately, they can read or even modify the traffic exchanged between the two sites.
Multiple Cisco Nexus 9000 versions
The vulnerability affects all Cisco Nexus 9000 Series Fabric Switches running in ACI mode starting with version 14.0. They must also be part of a Multi-Site topology and have CloudSec encryption enabled.
The issue affects the Nexus 9332C switch, the Nexus 9364C fixed spine switches and the Nexus 9500 spine switches with a Nexus N9K-X9736C-FX line card.
Disable cloudsec option
Cisco has not yet released a patch for the vulnerability, nor is a workaround available. The tech giant advises customers to temporarily disable the CloudSec feature for the affected Nexus 9000 Series switches with the Nexus N9K-X9736C-FX Line Card and ask Cisco support about alternative options.