A flaw in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an attacker to read or modify encrypted intersite traffic. The problem lies in the implementation of the ciphers that the CloudSec encryption feature uses on the affected switches.
Exploitation requires an on-path position between the ACI sites: an attacker who can intercept the intersite traffic could apply cryptanalytic techniques to break the encryption and then read or modify the traffic that CloudSec was meant to protect. The attacker needs no credentials on the switches; the attack is against the ciphertext crossing the intersite link, so it can be carried out remotely by anyone who can see that link.
According to Cisco, there are currently no software updates and no workarounds that address this vulnerability. Customers should first check whether CloudSec encryption is in use on each ACI site: in Cisco Nexus Dashboard Orchestrator (NDO), navigate to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity. If the "CloudSec Encryption" option is enabled, the site is using the affected feature.
To confirm on an individual Cisco Nexus 9000 Series switch, run "show cloudsec sa interface all" from the switch command line. If any interface in the output reports an Operational Status of Up, CloudSec encryption is active on that switch.
Because there is no fix, Cisco recommends that customers using the Cisco ACI Multi-Site CloudSec encryption feature on the Cisco Nexus 9332C and Nexus 9364C Switches, and on the Cisco Nexus N9K-X9736C-FX Line Card, disable the feature to mitigate the risk. Note that disabling it removes encryption from the intersite traffic altogether: the trade-off is plaintext on the link versus encryption that an on-path attacker can break, so the intersite transport should be treated as untrusted either way.
Cisco discovered the flaw during an internal audit and is not aware of any active exploitation. The vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode running release 14.0 and later, but only on the hardware listed above, and only when the switch is part of a Multi-Site topology with CloudSec encryption enabled.
In conclusion, the flaw in the Cisco ACI Multi-Site CloudSec encryption feature undermines the confidentiality and integrity that customers expect for intersite traffic. Administrators should verify the status of CloudSec encryption on their sites and switches and disable the feature where it is enabled on affected hardware. Cisco may release updates or mitigations in the future; until then, disabling the feature is the only mitigation Cisco offers.
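As an added example (not from the page and not Cisco's own tooling), the following Python turns the checks above into a fleet triage helper: it parses the output of "show cloudsec sa interface all" for any interface whose Operational Status is Up, then combines that with the affected-hardware, release and Multi-Site conditions so that every condition must hold before a switch is flagged. The sample command output, the product-ID spellings used for the affected models, and the release-string format ("14.2(7f)") are assumptions; check them against a real device before relying on the parser.

```python
import re
from dataclasses import dataclass

# Product IDs assumed for the hardware the page names as affected
# (Nexus 9332C, Nexus 9364C, N9K-X9736C-FX line card).
AFFECTED_MODELS = {"N9K-C9332C", "N9K-C9364C", "N9K-X9736C-FX"}
# Affected switch software: ACI-mode releases 14.0 and later.
MIN_AFFECTED_RELEASE = (14, 0)

# Constructed sample output, not a real capture. The page only says that
# "show cloudsec sa interface all" reports an "Operational Status"; the
# "Interface:" stanza layout below is an assumption and must be verified
# against a real switch before the parser is trusted.
SAMPLE_SHOW_CLOUDSEC = """\
Interface: Ethernet1/49
  Operational Status: Up
Interface: Ethernet1/50
  Operational Status: Down
"""


def parse_release(release: str) -> tuple[int, int]:
    """Return (major, minor) from a release string such as '14.2(7f)' (format assumed)."""
    m = re.match(r"\s*(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return int(m.group(1)), int(m.group(2))


def cloudsec_up_interfaces(show_output: str) -> list[str]:
    """Interfaces whose Operational Status is Up in the command output."""
    up: list[str] = []
    current = None
    for line in show_output.splitlines():
        m_if = re.match(r"\s*Interface:\s*(\S+)", line)
        if m_if:
            current = m_if.group(1)
            continue
        m_st = re.match(r"\s*Operational Status:\s*(\S+)", line, re.IGNORECASE)
        if m_st and current and m_st.group(1).lower() == "up":
            up.append(current)
    return up


@dataclass
class SwitchFacts:
    hostname: str
    model: str            # product ID, e.g. "N9K-C9364C"
    release: str          # ACI-mode switch release, e.g. "15.2(7f)"
    in_multisite: bool    # part of an NDO-managed Multi-Site topology
    show_cloudsec: str    # raw output of "show cloudsec sa interface all"


def assess(sw: SwitchFacts) -> dict:
    """Apply the advisory's conditions; a switch is exposed only if all of them hold."""
    up = cloudsec_up_interfaces(sw.show_cloudsec)
    reasons = []
    if sw.model not in AFFECTED_MODELS:
        reasons.append(f"model {sw.model} not in affected list")
    if parse_release(sw.release) < MIN_AFFECTED_RELEASE:
        reasons.append(f"release {sw.release} is older than 14.0")
    if not sw.in_multisite:
        reasons.append("not part of a Multi-Site topology")
    if not up:
        reasons.append("CloudSec not operationally up on any interface")
    return {"hostname": sw.hostname, "exposed": not reasons,
            "cloudsec_up": up, "reasons": reasons}


if __name__ == "__main__":
    # Constructed fleet: one exposed spine, one spine with CloudSec down, one
    # leaf model the page does not list.
    fleet = [
        SwitchFacts("spine1", "N9K-C9364C", "15.2(7f)", True, SAMPLE_SHOW_CLOUDSEC),
        SwitchFacts("spine2", "N9K-C9364C", "15.2(7f)", True,
                    "Interface: Ethernet1/49\n  Operational Status: Down\n"),
        SwitchFacts("leaf1", "N9K-C93180YC-FX", "15.2(7f)", True, SAMPLE_SHOW_CLOUDSEC),
    ]
    for sw in fleet:
        r = assess(sw)
        status = "EXPOSED" if r["exposed"] else "not exposed"
        print(f"{r['hostname']}: {status} {r['cloudsec_up'] or ''} {r['reasons']}")
```

The parser keys only on the Operational Status field the page mentions, so if a real device prints a different stanza header the `Interface:` regex is the one line to adjust; the rest of the logic (hardware list, release floor, Multi-Site membership) is independent of the CLI format.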

