Cisco notified customers of a high-severity vulnerability in its Nexus 9000 series switches this week. Unauthenticated users may be able to intercept and manipulate communications between encrypted sites by exploiting CVE-2023-20185. The vulnerability affects the Nexus 9000’s ACI multi-site CloudSec encryption capability, which is designed for usage in data centers.

Specifically, the issue impacts Nexus 9332C and Nexus 9364C fixed spine switches, as well as Nexus 9500 spine switches with Nexus N9K-X9736C-FX line cards. Cisco has not released a patch for this vulnerability and is currently advising customers to disable the ACI multi-site CloudSec encryption feature. This week, the company did provide software patches for medium-severity vulnerabilities in Webex Meetings, Duo Authentication, and BroadWorks. Cisco noted that it is not aware of any attacks or proof-of-concept code targeting any of these flaws.

Read More: