Cisco Flaw Exposes ACI Traffic Encryption in the Cloud

Cisco has recently announced a high-severity flaw in its data center switching gear, which poses a significant security risk. This vulnerability could potentially allow threat actors to read and modify encrypted traffic. What’s even more concerning is the fact that there is currently no patch available to address this issue.

The cloud security bug, known as CVE-2023-20185, was disclosed by Cisco on July 5. The vulnerability specifically affects Cisco’s Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption on Nexus 9000 Series Fabric Switches. In response to this vulnerability, Cisco has advised customers who are currently using the affected switches to disable the ACI Multi-Site CloudSec encryption feature and to seek alternative options through their support organization.

The severity of this flaw has raised alarms among enterprise security teams. John Bambenek, the principal threat hunter for Netenrich, expressed his surprise at Cisco’s recommendation to unplug the device. He stated that it is rare for a vendor to suggest disabling a device without offering any software updates. Bambenek emphasized the gravity of the situation and advised anyone affected to immediately contact support to determine the best course of action.

The lack of available patches for this vulnerability can be attributed to the complexity involved in addressing it. Callie Guenther, a cyber threat senior manager at Critical Start, explained that Cisco has not released any patches, and the vulnerability has not been officially listed by databases such as MITRE and NIST. She further elaborated that resolving vulnerabilities of this nature requires intricate processes, coordination, and extensive testing.

In light of this, organizations are strongly advised to follow Cisco’s recommendation and unplug the affected devices. Cisco has explained how exploitation of the flaw on the Nexus 9000 could allow attackers to view and potentially alter encrypted data transmitted between sites. According to the company, the vulnerability results from an issue with the implementation of the ciphers used by the CloudSec encryption feature on the affected switches. An attacker positioned between the ACI sites could exploit it by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption.

Given the severity of this vulnerability, it is crucial for organizations to take immediate action. Data breaches have become increasingly common and damaging, with significant financial and reputational consequences. Therefore, it is essential for businesses to prioritize cybersecurity measures and ensure that they remain proactive in addressing potential vulnerabilities. In this instance, following Cisco’s advice to disable the affected devices and seeking alternative options through their support organization is a prudent step to safeguard encrypted data. Organizations must remain vigilant and stay informed about any updates or patches provided by Cisco to mitigate this security risk effectively.

In conclusion, the high-severity flaw in Cisco’s data center switching gear poses a major threat to the security of encrypted traffic. With no patch available at present, organizations using the affected switches are advised to disable the vulnerable feature and explore alternative options. Cisco’s recommendation to unplug the device emphasizes the seriousness of this vulnerability, and it is crucial for enterprises to act swiftly in implementing the measures needed to protect their data. Cybersecurity should always be a top priority, and organizations must remain proactive in addressing vulnerabilities to avoid data breaches.
