Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic.
Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches.
The vulnerability only impacts Cisco Nexus 9332C, 9364C, and 9500 spine switches only if they are in ACI mode, are part of a Multi-Site topology, have the CloudSec encryption feature enabled, and are running firmware 14.0 and later releases.
To find out if CloudSec encryption is being used across an ACI site, go to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity on the Cisco Nexus Dashboard Orchestrator and check if “CloudSec Encryption” is marked as “Enabled.”
To check whether CloudSec encryption is enabled on a Cisco Nexus 9000 Series switch, run the show cloudsec sa interface all command via the switch command line.
Cisco warns of critical switch bugs with public exploit code.