Cisco Enterprise Switch Flaw Exposes Encrypted Traffic



A critical security flaw has been discovered in the Cisco Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption feature, potentially allowing hackers to read or alter inter-site encrypted traffic. Disclosing the vulnerability on Wednesday, Cisco attributed it to an implementation issue with the ciphers used by the CloudSec encryption feature on the affected switches.

CloudSec encryption is designed to protect data transmitted between sites, but Cisco said that, by exploiting the vulnerability, an unauthenticated attacker with a position between ACI sites could intercept and compromise the encrypted traffic. “Customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable it and to contact their support organization to evaluate alternative options,” Cisco advised. Notably, Cisco Nexus 9000 Series Switches in standalone NX-OS mode are not vulnerable to this security flaw.