High-Severity Vulnerability in Cisco Nexus 9000 Series Fabric Switches
7 July 2023
Cisco has released a security advisory on a high-severity vulnerability (CVE-2023-20185) impacting the Cisco Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches.
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to intercept the encrypted traffic exchanged between ACI sites and read or modify it.
This vulnerability affects Nexus 9332C and Nexus 9364C Fixed Spine Switches, and Nexus 9500 Spine Switches equipped with a Nexus N9K-X9736C-FX line card.
Cisco has not released any software updates to patch the vulnerability, and there are no workarounds that address it. Users and administrators using the Cisco ACI Multi-Site CloudSec encryption feature are advised to disable it and seek guidance from Cisco support.
Users and administrators can determine whether CloudSec encryption is in use by performing the following:
For ACI sites: Go to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity on the Cisco Nexus Dashboard Orchestrator (NDO) and check if "CloudSec Encryption" is marked as "Enabled".
For Cisco Nexus 9000 Series Spine Switches: In the switch command-line interface (CLI), enter the show cloudsec sa interface all command and check the Operational Status output.
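The following Python helper is an added example (it is not Cisco's tooling and is not part of this advisory) that turns the two checks above into a fleet-wide triage: it matches each switch against the affected hardware named in the advisory and then reads the captured output of `show cloudsec sa interface all` to see whether any interface reports an active CloudSec SA. The inventory format, the exact layout of the CLI output (one `Operational Status:` line per `Interface` block) and the set of status words treated as "inactive" are assumptions; the sample data is constructed.

```python
"""Exposure triage for CVE-2023-20185 (added example; assumptions labelled inline)."""
import re
from typing import Dict, Iterable

# Hardware named in the advisory as affected.
AFFECTED_FIXED_SPINES = ("9332C", "9364C")          # Nexus 9332C / 9364C fixed spines
AFFECTED_9500_LINE_CARD = "N9K-X9736C-FX"           # line card that makes a 9500 chassis affected

# ASSUMPTION: these Operational Status values mean CloudSec is not actively encrypting.
INACTIVE_STATUS = {"disabled", "down", "inactive", "none"}

# ASSUMPTION: CLI output has "Interface <name>" blocks with an "Operational Status: <value>" line.
_IFACE_RE = re.compile(r"^\s*Interface\s+(\S+)", re.IGNORECASE)
_STATUS_RE = re.compile(r"Operational Status\s*:\s*(\S+)", re.IGNORECASE)


def is_affected_platform(chassis: str, line_cards: Iterable[str]) -> bool:
    """True if the chassis/line-card combination is on the advisory's affected list."""
    if any(model in chassis for model in AFFECTED_FIXED_SPINES):
        return True
    if "9500" in chassis:
        # A 9500 spine is affected only when it carries the named line card.
        return any(card.upper().startswith(AFFECTED_9500_LINE_CARD) for card in line_cards)
    return False


def parse_cloudsec_status(cli_output: str) -> Dict[str, str]:
    """Map interface name -> Operational Status from captured CLI text."""
    statuses: Dict[str, str] = {}
    current = "unknown"
    for line in cli_output.splitlines():
        m = _IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = _STATUS_RE.search(line)
        if m:
            statuses[current] = m.group(1)
    return statuses


def cloudsec_in_use(statuses: Dict[str, str]) -> bool:
    """True if any interface reports a status outside the assumed inactive set."""
    return any(s.lower() not in INACTIVE_STATUS for s in statuses.values())


def assess(inventory: Dict[str, dict]) -> Dict[str, str]:
    """Classify every switch; only affected hardware with active CloudSec is exposed."""
    result: Dict[str, str] = {}
    for name, entry in inventory.items():
        if not is_affected_platform(entry["chassis"], entry.get("line_cards", [])):
            result[name] = "not-affected-hardware"
            continue
        statuses = parse_cloudsec_status(entry.get("cloudsec_output", ""))
        if not statuses:
            # No parsable status at all: do not silently assume safe.
            result[name] = "affected-hardware-status-unknown"
        elif cloudsec_in_use(statuses):
            result[name] = "EXPOSED: disable CloudSec and contact Cisco support"
        else:
            result[name] = "affected-hardware-cloudsec-inactive"
    return result


# Constructed sample inventory (not real device output).
SAMPLE_INVENTORY = {
    "spine-1": {
        "chassis": "Nexus 9364C",
        "line_cards": [],
        "cloudsec_output": "Interface Ethernet1/1\n  Operational Status: Active\n"
                           "Interface Ethernet1/2\n  Operational Status: Disabled\n",
    },
    "spine-2": {
        "chassis": "Nexus 9500",
        "line_cards": ["N9K-X9736C-FX"],
        "cloudsec_output": "Interface Ethernet1/1\n  Operational Status: Disabled\n",
    },
    "spine-3": {
        "chassis": "Nexus 9500",
        "line_cards": ["PLACEHOLDER-OTHER-CARD"],   # constructed, not an affected card
        "cloudsec_output": "",
    },
    "spine-4": {"chassis": "Nexus 9332C", "line_cards": [], "cloudsec_output": ""},
}

if __name__ == "__main__":
    for switch, verdict in assess(SAMPLE_INVENTORY).items():
        print(f"{switch}: {verdict}")
```

Run it against a dictionary built from your own inventory export and saved CLI captures; the "status-unknown" verdict is deliberate so that a switch whose output could not be parsed is reviewed by hand rather than dropped from the exposed list.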
More information is available here:
https://securityaffairs.com/148235/security/cisco-nexus-9000-series-flaw.html