Cisco reports vulnerability in Nexus switch that exposes encrypted traffic, no patch available
Take action: Not great, not terrible. The vulnerability itself is very unfortunate and even if a patch was available it won't be easy to plan immediate downtime for core switching infrastructure. The "good" news is that this infrastructure usually runs in closed environments of data centers, so networking teams have time to consider best options. Just don't ignore the problem.
Learn More
Cisco has issued a security advisory regarding a high-severity vulnerability (CVE-2023-20185) in its Nexus 9000 fabric series switches.
The vulnerability could allow an unauthenticated remote attacker to read or modify intersite encrypted traffic.
The flaw affects Cisco Nexus 9000 switches running ACI Multi-Site CloudSec encryption feature in application-centric infrastructure (ACI) mode and poses a threat to data confidentiality and integrity. This setup is typically deployed in data centers for controlling physical and virtual networks.
This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode that are running releases 14.0 and later if they are part of a Multi-Site topology and have the CloudSec encryption feature enabled.
Cisco Nexus 9000 Series Switches in standalone NX-OS mode are not affected by this flaw.
As of now, Cisco has not released any software updates to address the vulnerability and recommends disabling the affected feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card and reaching out to their support organization to evaluate alternative options.
