Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic
Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advises.
July 6, 2023
Cisco has announced that a high-severity flaw in its data center switching gear could allow threat actors to read and modify encrypted traffic — and there's no patch so far.
Cisco disclosed the cloud security bug, tracked under CVE-2023-20185, on July 5. According to the company, the vulnerability affects its Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption on Cisco Nexus 9000 Series Fabric Switches.
"Cisco has not released software updates to address the vulnerability that is described in this advisory. Customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable it and to contact their support organization to evaluate alternative options," Cisco warned.
Principal threat hunter for Netenrich, John Bambenek, said Cisco's recommendation to unplug the device should raise alarms for enterprise security teams.
"I'm not sure I've ever seen a vendor say there are no updates, and that they should unplug the device and find another product instead," Bambenek said. "For Cisco to tell its customers to disable the device tells me all I need to know about the severity of this vulnerability, and I would advise anyone to contact support to figure out how to move forward."
The delay in releasing a fix is likely due to the complicated nature of the vulnerability, Callie Guenther, cyber threat senior manager at Critical Start explained in a statement provided to Dark Reading.
"Cisco has not released patches to address this vulnerability, and it is yet to be officially listed by databases like MITRE and NIST," Guenther said. "While the absence of patches and official listings may raise concerns, it is important to understand that addressing vulnerabilities of this nature involves complex processes, coordination, and testing."
Teams would do well to follow the advice to unplug: Cisco explained that Nexus 9000 exploitation could allow cyberattackers to view, and even change encrypted data being transmitted between sites.
"This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches," Cisco said in the advisory. "An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption."
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024