Tuesday, June 18, 2024

Cisco Switch Flaw Let Attack Reads Encrypted Traffic

The Cisco ACI Multi-Site CloudSec encryption feature of the Cisco Nexus 9000 Series switches contains a critical flaw that enables attackers to easily read encrypted traffic.

The vulnerability resides in implementing the ciphers used by the CloudSec encryption feature on affected switches.

The Cisco ACI Multi-Site Orchestrator GUI is the sole graphical interface that one can employ to set up and oversee ACI and APIC implementations through the browser.

Exploitation of the Flaw

The vulnerability can be exploited by attackers having a position between the ACI sites could exploit the vulnerability by intercepting inter-site traffic.

A remote attacker could use cryptanalytic techniques to break the encryption. Successful exploitation lets an attacker read or modify intersite encrypted traffic.

Cisco stated that no update Flaw or workarounds are available to address this vulnerability.

To determine if CloudSec encryption is active on an ACI site, navigate to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity on the Cisco Nexus Dashboard Orchestrator (NDO).

Check if the “CloudSec Encryption” option is marked as “Enabled.”

To confirm whether your Cisco Nexus 9000 Series switch has CloudSec encryption enabled, simply input the command “show cloudsec sa interface all” into the switch command line.

The resulting output will clearly indicate the “Operational Status” and if CloudSec encryption is active on any interface. Be sure to follow these instructions precisely to accurately determine the encryption status of your switch.

Customers who are using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable the feature.

Cisco (PSIRT) said that there are no active exploitations of this vulnerability, and it was found during an internal audit.

The Cisco Nexus 9000 Series Fabric Switches in ACI mode that are running releases 14.0 and later, if they are part of a Multi-Site topology are affected.

“AI-based email security measures Protect your business From Email Threats!” – .

Website

Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles