PT-2022-6709 · Cisco · Cisco Nexus 9364C+3

Published: 2022-10-27 · Updated: 2024-01-25 · CVE-2023-20185

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Nexus 9000 Series Fabric Switches in ACI mode (affected versions not specified)
Cisco Nexus series 9332C, 9364C, and 9500 (affected versions not specified)

Description

The issue is related to an incorrect implementation of the ciphers used by the CloudSec encryption feature on affected switches. This could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. An attacker with an on-path position between the ACI sites could exploit this by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic transmitted between the sites.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the CloudSec encryption feature until the issue is resolved. Avoid using the CloudSec encryption feature for sensitive data transmission until the issue is resolved.

Missing Encryption of Sensitive Data

Information Disclosure

Use of Insufficiently Random Values

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

BDU:2023-03583
CVE-2023-20185

Affected Products

Cisco Nexus 9000 Series Fabric Switches
Cisco Nexus 9332C
Cisco Nexus 9364C
Cisco Nexus 9500