Cisco cautions of bug that allows assailants to break traffic encryption

-

 

Cisco cautioned clients today of a high-seriousness weakness influencing a few server farm change models and permitting aggressors to mess with encoded traffic.

Followed as CVE-2023-20185, the blemish was found during interior security testing in the ACI Multi-Site CloudSec encryption component of server farm Cisco Nexus 9000 Series Texture Switches.

The weakness just effects Cisco Nexus 9332C, 9364C, and 9500 spine switches (the last ones outfitted with a Cisco Nexus N9K-X9736C-FX Line Card) provided that they are in ACI mode, are essential for a Multi-Site geography, have the CloudSec encryption highlight empowered, and are running firmware 14.0 and later deliveries.

Fruitful abuse permits unauthenticated assailants to peruse or change intersite encoded traffic traded between destinations from a distance.

"This weakness is because of an issue with the execution of the codes that are utilized by the CloudSec encryption highlight on impacted switches," Cisco said.

"An aggressor with an on-way position between the ACI locales could take advantage of this weakness by capturing intersite encoded traffic and utilizing cryptanalytic procedures to break the encryption."

No fix and no indications of dynamic abuse

Cisco has not yet given programming updates to determine the CVE-2023-20185 weakness. Clients utilizing impacted server farm switches are encouraged to switch off the weak component and look for direction from their help association to investigate elective arrangements.

To see whether CloudSec encryption is being utilized across an ACI site, go to Framework > Site Network > Arrange > Locales > site-name > Between Site Availability on the Cisco Nexus Dashboard Orchestrator (NDO) and check if "CloudSec Encryption" is set apart as "Empowered."

To check whether CloudSec encryption is empowered on a Cisco Nexus 9000 Series switch, manage everything Cloudsec sa interface all order by means of the switch order line. Assuming it returns 'Functional Status' for any connection point, CloudSec encryption is flipped on.

The organization's Item Security Episode Reaction Group (PSIRT) is yet to find proof of public adventure code focusing on the bug or that the blemish has been taken advantage of in assaults.

In May, it likewise tended to four basic remote code execution blemishes with public endeavor code influencing numerous Private company Series Switches.


AH

Comments

Post a Comment

Popular posts from this blog

The Hidden Lag Killing Your SIEM Efficiency

-
Image
  If your security tools feel slower than they should, you’re not imagining it. Many IT teams blame their sluggish SIEM performance on query complexity or alert volume. But sometimes the real issue is much simpler: oversized input files quietly dragging your system down. Think about the last time you had to sift through a bloated PDF or an unoptimised log dump. Every unnecessary megabyte adds strain. Every redundant line eats up cycles. Your SIEM doesn’t just react to threats—it processes all incoming data, relevant or not. When it starts lagging, detection gets delayed, triage slows, and in the high-stakes world of threat response, even seconds count. We often focus on analytics and rule tuning, but upstream efficiency—what you feed into your system—deserves just as much attention. This article looks at how optimising your inputs unlocks downstream performance. Why Oversized Files Clog the Pipeline As data volumes grow, organisations face esca lating  data storage costs ,...
Read more

Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution

-
Image
Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution By : Rei Ibraima A newly discovered critical vulnerability in Veeam’s Backup & Replication software, designated as CVE-2025-23120, poses a significant security risk to enterprise environments. The flaw allows authenticated domain users to execute arbitrary code remotely, potentially leading to full compromise of backup infrastructures. About CVE-2025-23120 The vulnerability arises from an insecure deserialization issue within Veeam Backup & Replication components—particularly in the .NET classes Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary. Improper input validation in these components allows attackers to inject malicious serialized objects that are executed on the server side, resulting in Remote Code Execution (RCE). This issue affects systems where Veeam Backup & Replication is deployed in a domain-joined configuration, which—while common—is...
Read more

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

-
Image
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report shared with The Hacker News. "The attacks involved the use of multiple new custom tools, including loaders, credential stealers, and a reverse SSH tool." The intrusion set is also said to have targeted a news agency located in another country in Southeast Asia and an air freight organization located in another neighboring country. The threat cluster, per Broadcom's cybersecurity division, is assessed to be a continuation of a campaign that was disclosed by the company in December 2024 as a high-profile organization in Southeast Asia since at least October 2023. ...
Read more