In its vulnerability report dated July 07, Cisco warned customers of a high-severity vulnerability that affects some data center switch models and allows attackers to tamper with encrypted traffic.
The vulnerability is tracked as CVE-2023-20185. It was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches for data centers. Successful exploitation allows unauthenticated remote attackers to read or modify intersite encrypted traffic exchanged between sites.
According to Cisco, the vulnerability stems from an issue with the implementation of the ciphers used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit it by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. (CVE-2023-20185)
Affected Systems
This vulnerability impacts Cisco Nexus 9332C, 9364C, and 9500 spine switches (the latter when equipped with a Cisco Nexus N9K-X9736C-FX Line Card), and only if they are in ACI mode, are part of a Multi-Site topology, have the CloudSec encryption feature enabled, and are running firmware 14.0 and later releases.
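The conditions above can be applied to an asset inventory to decide which spines need the feature turned off. The following Python is an added example, not Cisco tooling or part of the original advisory; the record field names, the `triage` function and the sample inventory are hypothetical and constructed for illustration. A record with a missing value is marked for manual review rather than cleared.

```python
import re

# Conditions taken from the advisory text above; field names are hypothetical.
AFFECTED_FIXED = {"9332C", "9364C"}
AFFECTED_LINE_CARD = "N9K-X9736C-FX"
MIN_RELEASE = (14, 0)

def parse_release(text):
    """Return (major, minor) from strings such as '14.2(7f)' or 'n9000-15.1(3e)'."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def hardware_in_scope(rec):
    model = rec.get("model", "").upper().replace("N9K-C", "")
    if model in AFFECTED_FIXED:
        return True
    if model.startswith("95"):  # 9500 chassis: only with the named line card
        cards = {c.upper() for c in rec.get("line_cards", [])}
        return AFFECTED_LINE_CARD in cards
    return False

def triage(rec):
    """Classify one inventory record as 'affected', 'not affected' or 'review'."""
    if not hardware_in_scope(rec):
        return "not affected"
    flags = [rec.get("aci_mode"), rec.get("multi_site"), rec.get("cloudsec_enabled")]
    if any(f is False for f in flags):
        return "not affected"
    release = parse_release(rec.get("release"))
    if release is not None and release < MIN_RELEASE:
        return "not affected"
    # Every condition must be positively known before calling a device affected.
    if release is None or any(f is None for f in flags):
        return "review"
    return "affected"

# Constructed sample inventory, not real device data.
INVENTORY = [
    {"name": "spine-a1", "model": "N9K-C9364C", "aci_mode": True, "multi_site": True,
     "cloudsec_enabled": True, "release": "14.2(7f)"},
    {"name": "spine-a2", "model": "N9K-C9332C", "aci_mode": True, "multi_site": True,
     "cloudsec_enabled": False, "release": "15.2(4e)"},
    {"name": "spine-b1", "model": "N9K-C9508", "line_cards": ["N9K-X9736C-FX"],
     "aci_mode": True, "multi_site": True, "cloudsec_enabled": None, "release": "16.0(2h)"},
    {"name": "spine-b2", "model": "N9K-C9504", "line_cards": ["N9K-X9732C-EX"],
     "aci_mode": True, "multi_site": True, "cloudsec_enabled": True, "release": "14.2(7f)"},
]

print({rec["name"]: triage(rec) for rec in INVENTORY})
```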
IoCs
-
Recommended Solution(s)
Cisco has not yet issued software updates to resolve this vulnerability. Customers using affected data center switches are advised to turn off the vulnerable feature and seek guidance from their support organization to explore other possible solutions.
Mitigations
-
CVE / CWE
CVE-2023-20185
Related Website(s)
* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.