Cisco has published a security warning to its customers of a high-severity vulnerability in its Nexus 9000 Series Fabric Switches in ACI mode that could allow an unauthenticated, remote attacker to read or modify inter-site encrypted traffic.
The vulnerability, tracked as CVE-2023-20185, stems from a problem in the implementation of the ciphers used by the switches' CloudSec encryption feature. An attacker in an on-path position between the ACI sites could exploit the vulnerability by intercepting the encrypted traffic and breaking the encryption using cryptanalytic techniques.
Devices affected by the vulnerability include Cisco Nexus 9000 Series Fabric Switches in ACI mode running releases 14.0 and later if they are part of a multi-site topology and have the CloudSec encryption feature enabled. Cisco Nexus 9332C, Nexus 9364C Fixed Spine Switches and Cisco Nexus 9500 Spine Switches equipped with a Cisco Nexus N9K-X9736C-FX Line Card also use CloudSec encryption.
Cisco has not released software updates that address this vulnerability, and there is currently no known workaround. Customers using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable the switches.
With the information available now, it appears that the vulnerability would be difficult to exploit, but if successful, an attacker would gain unencrypted access to otherwise secure network traffic, and the level of damage would depend on the nature of the traffic intercepted.