Cisco Nexus 9000 Vulnerability: Encryption Can Be Broken Without Update

Cisco Nexus 9000: Attackers Can Break Encryption - No Update

Cisco has issued a warning about a vulnerability in its Nexus 9000 series that enables unauthorized attackers on the network to access and manipulate encrypted traffic. The problem lies in the implementation of the encryption cipher used in the CloudSec encryption feature: attackers can intercept the encrypted traffic and break it open using cryptanalytic methods. The vulnerability has a CVSS score of 7.4, which categorizes the threat as “high”.

Unfortunately, there are no software updates available to fix this vulnerability, and there is no workaround either. The only solution is to disable the function entirely. This affects Cisco Nexus 9000 fabric switches running in ACI mode and using version 14.0 or later of Cisco’s NX-OS, specifically those used in a multi-site topology with CloudSec encryption enabled.

To determine whether the defective function is active on vulnerable devices, IT managers can use the “show cloudsec sa interface all” command. If the Operational Status is returned as “UP”, the function is enabled and the device is at risk. Cisco recommends that users of Cisco Nexus 9332C and Nexus 9364C switches, as well as the Cisco Nexus N9K-X9736C-FX Line Card, disable the function and contact their support for alternative options.

It’s worth noting that Cisco is not yet aware of any public announcements or malicious exploitation of this vulnerability. However, it is crucial for IT managers to stay vigilant and address security vulnerabilities promptly. Cisco recently released updates to address high-risk vulnerabilities in AnyConnect and the Secure Client, and IT managers are strongly advised to install these updates immediately.

In conclusion, Cisco has identified a vulnerability in the Nexus 9000 series that allows attackers to read or manipulate encrypted traffic. The only solution currently available is to disable the function, and users should reach out to their support for further guidance. IT managers should continuously stay informed about security threats and promptly install available updates to protect their networks.
