CVE-2023-20185

CWE-330 | CWE-326 | 4 documents | 4 sources

Severity: 7.4 HIGH
EPSS: 0.2% (top 61.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 12

Description

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted tr

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages (2 packages)

NVD: cisco/nx-os (76 versions)

🔴 Vulnerability Details (2)

GHSA (2023-07-12)
GHSA-jpfv-6q3x-wx9f: A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthen

CVEList (2023-07-12)
CVE-2023-20185: A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthen

📋 Vendor Advisories (1)

Cisco (2023-07-05)
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability