Cisco Switch Flaw Lets Attackers Read Encrypted Traffic


The Cisco ACI Multi-Site CloudSec encryption feature of the Cisco Nexus 9000 Series switches contains a critical flaw that enables attackers to easily read encrypted traffic.

The vulnerability resides in the implementation of the ciphers used by the CloudSec encryption feature on affected switches.


The Cisco ACI Multi-Site Orchestrator GUI is the sole graphical interface that one can employ to set up and oversee ACI and APIC implementations through the browser.

Exploitation of the Flaw

Attackers positioned between the ACI sites could exploit the vulnerability by intercepting inter-site traffic.

A remote attacker could use cryptanalytic techniques to break the encryption. Successful exploitation lets an attacker read or modify intersite encrypted traffic.

Cisco stated that no updates or workarounds are available to address this vulnerability.

To determine if CloudSec encryption is active on an ACI site, navigate to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity on the Cisco Nexus Dashboard Orchestrator (NDO).

Check if the “CloudSec Encryption” option is marked as “Enabled.”

To confirm whether your Cisco Nexus 9000 Series switch has CloudSec encryption enabled, simply input the command “show cloudsec sa interface all” into the switch command line.

The resulting output will clearly indicate the “Operational Status” and if CloudSec encryption is active on any interface. Be sure to follow these instructions precisely to accurately determine the encryption status of your switch.

Customers who are using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable the feature.

Cisco (PSIRT) said that there is no active exploitation of this vulnerability and that it was found during an internal audit.

Cisco Nexus 9000 Series Fabric Switches in ACI mode that are running releases 14.0 and later are affected if they are part of a Multi-Site topology.
