Monday, February 10, 2025
HomeCyber Security NewsCisco Switch Flaw Let Attack Reads Encrypted Traffic

Cisco Switch Flaw Let Attack Reads Encrypted Traffic

Published on

SIEM as a Service

Follow Us on Google News

The Cisco ACI Multi-Site CloudSec encryption feature of the Cisco Nexus 9000 Series switches contains a critical flaw that enables attackers to easily read encrypted traffic.

The vulnerability resides in implementing the ciphers used by the CloudSec encryption feature on affected switches.

The Cisco ACI Multi-Site Orchestrator GUI is the sole graphical interface that one can employ to set up and oversee ACI and APIC implementations through the browser.

Exploitation of the Flaw

The vulnerability can be exploited by attackers having a position between the ACI sites could exploit the vulnerability by intercepting inter-site traffic.

A remote attacker could use cryptanalytic techniques to break the encryption. Successful exploitation lets an attacker read or modify intersite encrypted traffic.

Cisco stated that no update Flaw or workarounds are available to address this vulnerability.

To determine if CloudSec encryption is active on an ACI site, navigate to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity on the Cisco Nexus Dashboard Orchestrator (NDO).

Check if the “CloudSec Encryption” option is marked as “Enabled.”

To confirm whether your Cisco Nexus 9000 Series switch has CloudSec encryption enabled, simply input the command “show cloudsec sa interface all” into the switch command line.

The resulting output will clearly indicate the “Operational Status” and if CloudSec encryption is active on any interface. Be sure to follow these instructions precisely to accurately determine the encryption status of your switch.

Customers who are using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable the feature.

Cisco (PSIRT) said that there are no active exploitations of this vulnerability, and it was found during an internal audit.

The Cisco Nexus 9000 Series Fabric Switches in ACI mode that are running releases 14.0 and later, if they are part of a Multi-Site topology are affected.

“AI-based email security measures Protect your business From Email Threats!” – .

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Tor Browser 14.0.6 Released, What’s New!

The Tor Project has officially unveiled Tor Browser 14.0.6, now accessible for download from the...

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious...

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Tor Browser 14.0.6 Released, What’s New!

The Tor Project has officially unveiled Tor Browser 14.0.6, now accessible for download from the...

Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released

A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious...

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...