Cisco has recently warned its customers that some versions of its data center switches are affected by a high-severity vulnerability. Importantly, the flaw allows attackers to manipulate encrypted traffic.
The flaw is tracked as CVE-2023-20185. It was discovered during internal security testing in the ACI Multi-Site CloudSec encryption feature of the Cisco Nexus 9000 Series Fabric Switches used in data centers. Keep in mind that the flaw affects only Cisco Nexus 9332C, 9364C, and 9500 spine switches operating in ACI mode; these switches must also be part of a Multi-Site topology, have the CloudSec encryption feature enabled, and be running firmware release 14.0 or later. According to the firm:
Cisco Warns Of Traffic Encryption Bug
Here are the steps to determine whether CloudSec encryption is in use at an ACI site:
In the Cisco Nexus Dashboard Orchestrator, navigate to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity and check whether the “CloudSec Encryption” option is set to “Enabled.”
CloudSec encryption can also be verified directly on a Cisco Nexus 9000 Series switch: on the switch’s command line, run `show cloudsec sa interface all`. Cisco has previously warned of severe vulnerabilities in its switches, some with public exploit code, so affected switches warrant prompt attention.
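As an added example (not Cisco’s code or part of the advisory), the following Python helper encodes the advisory’s scoping conditions as an inventory triage check: a switch is flagged only when the model/role, ACI mode, Multi-Site membership, CloudSec state and release all match. The inventory records and their field names are constructed assumptions; version strings follow the ACI `major.minor(patch)` style.

```python
"""Triage helper for CVE-2023-20185 scoping (added example, not Cisco's code).

Flags inventory records that satisfy every condition the advisory lists.
Inventory field names and the sample records below are constructed assumptions.
"""
import re

MIN_RELEASE = (14, 0)  # advisory: firmware release 14.0 or later


def parse_aci_version(version: str) -> tuple[int, int]:
    """Return (major, minor) from an ACI-style release such as '14.2(7f)'.

    Only major.minor matter for the '14.0 or later' condition.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised ACI release string: {version!r}")
    return int(m.group(1)), int(m.group(2))


def model_in_scope(model: str, role: str) -> bool:
    """9332C and 9364C in any role; 9500-series chassis only when acting as spine."""
    if re.search(r"C?93(32|64)C", model):
        return True
    return bool(re.search(r"C?95\d\d", model)) and role == "spine"


def is_affected(switch: dict) -> bool:
    """True only when all advisory conditions hold for this record."""
    return (
        model_in_scope(switch["model"], switch["role"])
        and switch["mode"] == "ACI"
        and switch["multisite"]
        and switch["cloudsec"]
        and parse_aci_version(switch["version"]) >= MIN_RELEASE
    )


def triage(inventory: list[dict]) -> list[str]:
    """Names of inventory entries that match the affected configuration."""
    return [s["name"] for s in inventory if is_affected(s)]


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    {"name": "spine-1", "model": "N9K-C9364C", "role": "spine", "mode": "ACI",
     "multisite": True, "cloudsec": True, "version": "15.2(3e)"},   # all conditions met
    {"name": "spine-2", "model": "N9K-C9332C", "role": "spine", "mode": "ACI",
     "multisite": True, "cloudsec": False, "version": "15.2(3e)"},  # CloudSec disabled
    {"name": "leaf-1", "model": "N9K-C93180YC-FX", "role": "leaf", "mode": "ACI",
     "multisite": True, "cloudsec": True, "version": "15.2(3e)"},   # model out of scope
    {"name": "spine-3", "model": "N9K-C9508", "role": "spine", "mode": "ACI",
     "multisite": True, "cloudsec": True, "version": "13.2(9b)"},   # release below 14.0
    {"name": "core-1", "model": "N9K-C9364C", "role": "spine", "mode": "NX-OS",
     "multisite": False, "cloudsec": False, "version": "10.2(5)"},  # standalone mode
]
```

Running `triage(SAMPLE_INVENTORY)` on the constructed data flags only `spine-1`; the other records each fail exactly one of the advisory’s conditions.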