A high-severity flaw in Cisco’s data center switching gear could allow threat actors to read and modify encrypted traffic, according to the company.
On Wednesday, Cisco issued a security advisory for the vulnerability in the application-centric infrastructure (ACI) multisite CloudSec feature within a family of its data center switches.
“This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches,” the company said in the advisory.
The vulnerability, tracked as CVE-2023-20185, has been assigned a CVSS base score of 7.4.
Nexus 9000 series is affected by the vulnerability
This vulnerability affects Cisco Nexus 9000 Series Fabric Switches running in ACI mode on versions 14.0 and later. Specifically, it affects switches that are part of a multisite setup and have the CloudSec encryption feature enabled.
The Cisco Nexus 9000 series is a family of modular and fixed-form data center switches, designed to meet diverse networking needs in modern data centers. The series runs on two different operating systems — Cisco NX-OS and Cisco ACI.