Cisco’s Nexus 9000 series switches in ACI mode have a flaw that can allow attackers to read and modify encrypted traffic.

Credit: Reuters / Sergio Perez

A high-severity flaw in Cisco’s data center switching gear could allow threat actors to read and modify encrypted traffic, according to the company.

On Wednesday, Cisco issued a security advisory for the vulnerability in the application-centric infrastructure (ACI) multisite CloudSec feature within a family of its data center switches.

“This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches,” the company said in the advisory.

The vulnerability, tracked as CVE-2023-20185, has been assigned a CVSS base score of 7.4.

Nexus 9000 series is affected by the vulnerability

This vulnerability impacts Cisco Nexus 9000 Series Fabric Switches operating in ACI mode with versions 14.0 and later. It specifically affects switches that are part of a multisite setup and have the CloudSec encryption feature enabled.

The Cisco Nexus 9000 series is a family of modular and fixed-form data center switches, designed to meet diverse networking needs in modern data centers. The series runs on two different operating systems: Cisco NX-OS and Cisco ACI.

“Cisco has confirmed that this vulnerability does not affect Cisco Nexus 9000 Series Switches in standalone NX-OS mode,” the advisory added.

While Cisco NX-OS switches are more traditional and provide a comprehensive set of networking features, the switches running Cisco ACI are part of Cisco’s software-defined networking (SDN) solution and offer centralized policy-based automation.

No fixes yet

Cisco has yet to release software updates to address the vulnerability, and there are currently no workarounds either, the company said.
“Customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable it and to contact their support organization to evaluate alternative options,” the advisory added.

Cisco also detailed in the advisory the steps to determine the status of the CloudSec feature on these devices.