Skip to content

Cisco warns of high-severity vulnerability in data centre switches

  • by
  • 3 min read

Cisco has issued a warning to its customers regarding a high-severity vulnerability that affects certain data centre switch models.

The flaw, identified as CVE-2023-20185, was discovered during internal security testing in the ACI Multi-Site CouldSec encryption feature of Cisco Nexus 9000 Series Fabric Switches.

Specifically, the vulnerability impacts Cisco Nexus 9332C, 9354C, and 9500 spine switches that are in ACI mode, part of a Multi-Site topology, have the CloudSec encryption feature enabled, and are running firmware 14.0 and later releases.

If successfully exploited, this vulnerability allows unauthenticated attackers to tamper with or read intersite encrypted traffic between remote sites, reported BleepingComputer.

Cisco explained that the flaw stems from an issue in the implementation of cyphers used by the CloudSec encryption feature on the affected switches. An attacker who is positioned between the ACI sites could intercept intersite encrypted traffic and employ cryptanalytic techniques to bypass the encryption.

“This vulnerability is due to an issue with the implementation of the cyphers that are used by the CloudSec encryption feature on affected switches,” Cisco said.

Cisco has yet to release a patch to fix the bug.

As of now, Cisco has not released software updates to address the CVE-2023-20185 vulnerability. Customers using the affected data centre switchers are advised to disable the vulnerable feature and consult their support organisation for alternative solutions.

To determine if CloudSec encryption is active for an ACI site, navigate to Infrastructure > Site Connectivity > Configure > Sites > site-name > Inter-Site Connectivity within the Cisco Nexus Dashboard Orchestrator (NDO). Check if the CloudSec Encryption option is set to Enabled.

To verify CloudSec encryption status on a Cisco Nexus 9000 Series switch, execute the show cloudsec sa interface all command via the switch’s command line. If any interface displays an Operational Status, CloudSec encryption is enabled.

Cisco’s Product Security Incident Response Team (PSIRT) has not identified any signs of active exploitation or public exploit code targeting the vulnerability. However, the company has been proactive in addressing security concerns, having recently patched critical remote code execution flaws in Small Business Series Switches.

In addition to the data centre switch vulnerability, Cisco is also working on patching a cross-site scripting (XSS) bug in its Prime Collaboration Deployment (PCD) server management tool, which was reported by Pierre Vivegnis of NATO’s Cyber Security Centre (NCSC).

Cisco has urged customers to follow Cisco’s recommendations to mitigate the risk posed by the vulnerability until the official patch becomes available. Regular monitoring and staying updated on the security advisories from Cisco are crucial for maintaining a secure network environment.

In the News: Deleting Threads profile will also delete your Instagram account

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: