Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic

Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advises.

Cisco has announced that a high-severity flaw in its data center switching gear could allow threat actors to read and modify encrypted traffic — and theres no patch so far.
Cisco disclosed the cloud security bug, tracked under CVE-2023-20185, on July 5. According to the company, the vulnerability affects its Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption on Cisco Nexus 9000 Series Fabric Switches.
Cisco has not released software updates to address the vulnerability that is described in this advisory. Customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable it and to contact their support organization to evaluate alternative options, Cisco warned.
Principal threat hunter for Netenrich, John Bambenek, said Ciscos recommendation to unplug the device should raise alarms for enterprise security teams.
Im not sure Ive ever seen a vendor say there are no updates, and that they should unplug the device and find another product instead, Bambenek said. For Cisco to tell its customers to disable the device tells me all I need to know about the severity of this vulnerability, and I would advise anyone to contact support to figure out how to move forward.
The delay in releasing a fix is likely due to the complicated nature of the vulnerability, Callie Guenther, cyber threat senior manager at Critical Start explained in a statement provided to Dark Reading.
Cisco has not released patches to address this vulnerability, and it is yet to be officially listed by databases like MITRE and NIST, Guenther said. While the absence of patches and official listings may raise concerns, it is important to understand that addressing vulnerabilities of this nature involves complex processes, coordination, and testing.
Teams would do well to follow the advice to unplug: Cisco explained that Nexus 9000 exploitation could allow cyberattackers to view, and even change
encrypted data
being transmitted between sites.
This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches, Cisco
said in the advisory
. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic