Decrypt network traffic by exploiting vulnerability in Cisco Enterprise Switch

by time news

2023-07-06 20:13:28

A serious flaw in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series switches could let attackers read traffic that is supposed to be encrypted. The issue is tracked as CVE-2023-20185 and has a CVSS score of 7.4.

The vulnerability sits deep within the encryption capability of Cisco ACI Multi-Site CloudSec and could allow an unauthenticated, remote attacker to read or modify encrypted traffic between sites on Cisco Nexus 9000 Series Fabric Switches operating in ACI mode. It stems from a flaw in the way the CloudSec encryption feature implements the ciphers it uses, a weakness within the ACI system itself. An attacker in a position to intercept the encrypted communication between sites could apply cryptanalytic techniques to break the encryption, and from there read or modify the traffic flowing between sites without being detected.

Unfortunately, despite the seriousness of this finding, Cisco has not yet issued any software updates that address the underlying vulnerability, and no workarounds are available to mitigate it.

CVE-2023-20185 affects only Cisco Nexus 9000 Series Fabric Switches operating in ACI mode and running release 14.0 or later. To be vulnerable, the switches must also be part of a multi-site topology with CloudSec encryption enabled. That capability is available only on Cisco Nexus 9332C or Cisco Nexus 9364C Fixed Spine Switches, or on Cisco Nexus 9500 Spine Switches equipped with a Cisco Nexus N9K-X9736C-FX line card.

To check if CloudSec encryption is enabled on an ACI site, open Cisco Nexus Dashboard Orchestrator (NDO) and go to Infrastructure > Site Connectivity > Configure > Sites > site name > Inter-Site Connectivity.

Make sure the “CloudSec Encryption” option is set to “Enabled”.

To determine whether CloudSec encryption is active on a Cisco Nexus 9000 Series switch, enter the command “show all cloudsec sa interfaces” at the switch’s command line.

The output shows the “Operational State” and makes it clear whether CloudSec encryption is enabled on any interface. Follow these steps precisely to get an accurate picture of your switch’s encryption state.
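As an added illustration (not code from the article or from Cisco), the script below applies the exposure conditions described above to a switch’s hardware, ACI release, multi-site membership and the output of that command. The layout of the command output and the product-ID spellings are assumed, so adapt them to what your switch actually prints.

```python
import re

# Constructed stand-in for `show all cloudsec sa interfaces` output. The article
# only mentions the "Operational State" field, so the parser keys on that name.
SAMPLE_OUTPUT = """\
Interface: Ethernet1/33
  Operational State: enabled
Interface: Ethernet1/34
  Operational State: disabled
"""

# Hardware on which the article says CloudSec is available: the 9332C/9364C spines
# and the N9K-X9736C-FX line card for 9500 spines. Product-ID spellings are assumed.
CLOUDSEC_HARDWARE = {"N9K-C9332C", "N9K-C9364C", "N9K-X9736C-FX"}

# ACI switch releases look like "14.2(7f)"; only major.minor matter here.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\((\w+)\))?$")


def parse_release(release: str) -> tuple:
    """Turn an ACI release string such as '14.2(7f)' into (major, minor)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return int(m.group(1)), int(m.group(2))


def cloudsec_interfaces(show_output: str) -> list:
    """Return the interfaces whose CloudSec 'Operational State' is enabled."""
    enabled, current = [], None
    for line in show_output.splitlines():
        if line.startswith("Interface:"):
            current = line.split(":", 1)[1].strip()
        elif "Operational State" in line and current:
            if line.split(":", 1)[1].strip().lower() == "enabled":
                enabled.append(current)
    return enabled


def exposed_to_cve_2023_20185(model: str, release: str, multi_site: bool, show_output: str) -> bool:
    """All advisory conditions must hold at once: hardware, release >= 14.0,
    multi-site topology, and CloudSec operationally enabled somewhere."""
    return (
        model in CLOUDSEC_HARDWARE
        and parse_release(release) >= (14, 0)
        and multi_site
        and bool(cloudsec_interfaces(show_output))
    )


if __name__ == "__main__":
    print(exposed_to_cve_2023_20185("N9K-C9364C", "14.2(7f)", True, SAMPLE_OUTPUT))  # True
```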

Customers currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C switches, as well as the Cisco Nexus N9K-X9736C-FX line card, are strongly encouraged to disable the capability.

Customers using Cisco ACI’s multi-site CloudSec encryption feature are strongly encouraged to disable it and contact their support organization to discuss other solutions, as Cisco does not plan to release any software updates for the capability in the foreseeable future. There have been no known public disclosures or malicious use of this vulnerability as of this writing, providing a glimmer of optimism in light of these otherwise bleak conditions.

According to the Cisco Product Security Incident Response Team (PSIRT), there are currently no active exploits for this vulnerability, which was discovered during internal testing.

Affected are Cisco Nexus 9000 Series Fabric Switches running versions 14.0 and later operating in ACI mode. Additionally, the switches must be part of a multi-site topology.

Cyber security enthusiast. Information security specialist, currently working as a risk infrastructure specialist and researcher.
Experience in risk and control processes, security audit support, COB (business continuity) design and support, work group management and information security standards.

Send news tips to [email protected] or www.instagram.com/iicsorg/.

You can also find us on Telegram www.t.me/noticiasciberseguridad

