Monday, October 7, 2024
HomeCyber Security NewsCisco Switch Flaw Let Attack Reads Encrypted Traffic

Cisco Switch Flaw Let Attack Reads Encrypted Traffic

Published on

The Cisco ACI Multi-Site CloudSec encryption feature of the Cisco Nexus 9000 Series switches contains a critical flaw that enables attackers to easily read encrypted traffic.

The vulnerability resides in implementing the ciphers used by the CloudSec encryption feature on affected switches.

The Cisco ACI Multi-Site Orchestrator GUI is the sole graphical interface that one can employ to set up and oversee ACI and APIC implementations through the browser.

- Advertisement - EHA

Exploitation of the Flaw

The vulnerability can be exploited by attackers having a position between the ACI sites could exploit the vulnerability by intercepting inter-site traffic.

A remote attacker could use cryptanalytic techniques to break the encryption. Successful exploitation lets an attacker read or modify intersite encrypted traffic.

Cisco stated that no update Flaw or workarounds are available to address this vulnerability.

To determine if CloudSec encryption is active on an ACI site, navigate to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity on the Cisco Nexus Dashboard Orchestrator (NDO).

Check if the “CloudSec Encryption” option is marked as “Enabled.”

To confirm whether your Cisco Nexus 9000 Series switch has CloudSec encryption enabled, simply input the command “show cloudsec sa interface all” into the switch command line.

The resulting output will clearly indicate the “Operational Status” and if CloudSec encryption is active on any interface. Be sure to follow these instructions precisely to accurately determine the encryption status of your switch.

Customers who are using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable the feature.

Cisco (PSIRT) said that there are no active exploitations of this vulnerability, and it was found during an internal audit.

The Cisco Nexus 9000 Series Fabric Switches in ACI mode that are running releases 14.0 and later, if they are part of a Multi-Site topology are affected.

“AI-based email security measures Protect your business From Email Threats!” – .

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...