Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic


According to Cisco, there is currently no patch for a high-severity vulnerability in the switching equipment used in data centres that might allow threat actors to access and change encrypted traffic. On July 5, Cisco revealed the vulnerability in the cloud’s security, denoted by CVE-2023-20185. The business claims that the flaw affects the Cisco Nexus 9000 Series Fabric Switches’ Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption.

To address the vulnerability detailed in this advisory, Cisco has not published any software updates. Customers that are currently utilising the Cisco ACI Multi-Site CloudSec encryption function for the Cisco Nexus 9332C, Nexus 9364C, and Cisco Nexus N9K-X9736C-FX Line Card are urged to disable it and contact their support organisation to examine alternate solutions, according to Cisco.

Read More…