CVE-2023-20185 - Vulnerability Details

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Nexus 9000 In Aci Mode Nx-os

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:nx-os:14.0\(1h\):::::::*
	cpe:2.3:o:cisco:nx-os:14.0\(2c\):::::::*
	cpe:2.3:o:cisco:nx-os:14.0\(3c\):::::::*
	cpe:2.3:o:cisco:nx-os:14.0\(3d\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(1i\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(1j\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(1k\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(1l\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(2g\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(2m\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(2o\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(2s\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(2u\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(2w\):::::::*
	cpe:2.3:o:cisco:nx-os:14.1\(2x\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(1i\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(1j\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(1l\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(2e\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(2f\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(2g\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(3j\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(3l\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(3n\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(3q\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(4i\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(4k\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(4o\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(4p\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(5k\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(5l\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(5n\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(6d\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(6g\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(6h\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(6l\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(6o\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7f\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7l\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7q\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7r\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7s\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7t\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7u\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7v\):::::::*
	cpe:2.3:o:cisco:nx-os:14.2\(7w\):::::::*
	cpe:2.3:o:cisco:nx-os:15.0\(1k\):::::::*
	cpe:2.3:o:cisco:nx-os:15.0\(1l\):::::::*
	cpe:2.3:o:cisco:nx-os:15.0\(2e\):::::::*
	cpe:2.3:o:cisco:nx-os:15.0\(2h\):::::::*
	cpe:2.3:o:cisco:nx-os:15.1\(1h\):::::::*
	cpe:2.3:o:cisco:nx-os:15.1\(2e\):::::::*
	cpe:2.3:o:cisco:nx-os:15.1\(3e\):::::::*
	cpe:2.3:o:cisco:nx-os:15.1\(4c\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(1g\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(2e\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(2f\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(2g\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(2h\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(3e\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(3f\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(3g\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(4d\):::::::*
	cpe:2.3:o:cisco:nx-os:15.2\(4e\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(4f\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(5c\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(5d\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(5e\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(6e\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(6g\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(7f\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(7g\):::::::*
cpe:2.3:o:cisco:nx-os:15.2\(8d\):::::::*
cpe:2.3:o:cisco:nx-os:16.0\(1g\):::::::*
cpe:2.3:o:cisco:nx-os:16.0\(1j\):::::::*
cpe:2.3:o:cisco:nx-os:16.0\(2h\):::::::*

cpe:2.3:h:cisco:nexus_9000_in_aci_mode:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-07-12T13:50:35.866Z

Updated: 2024-08-02T09:05:36.245Z

Reserved: 2022-10-27T18:47:50.364Z

Link: CVE-2023-20185

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-12T14:15:09.720

Modified: 2024-11-21T07:40:46.280

Link: CVE-2023-20185

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20185", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.364Z", "datePublished": "2023-07-12T13:50:35.866Z", "dateUpdated": "2024-08-02T09:05:36.245Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:51.916Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.\r\n\r This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.\r\n\r Cisco has not released and will not release software updates that address this vulnerability."}], "affected": [{"vendor": "Cisco", "product": "Cisco NX-OS System Software in ACI Mode", "versions": [{"version": "14.0(1h)", "status": "affected"}, {"version": "14.0(2c)", "status": "affected"}, {"version": "14.0(3d)", "status": "affected"}, {"version": "14.0(3c)", "status": "affected"}, {"version": "14.1(1i)", "status": "affected"}, {"version": "14.1(1j)", "status": "affected"}, {"version": "14.1(1k)", "status": "affected"}, {"version": "14.1(1l)", "status": "affected"}, {"version": "14.1(2g)", "status": "affected"}, {"version": "14.1(2m)", "status": "affected"}, {"version": "14.1(2o)", "status": "affected"}, {"version": "14.1(2s)", "status": "affected"}, {"version": "14.1(2u)", "status": "affected"}, {"version": "14.1(2w)", "status": "affected"}, {"version": "14.1(2x)", "status": "affected"}, {"version": "14.2(1i)", "status": "affected"}, {"version": "14.2(1j)", "status": "affected"}, {"version": "14.2(1l)", "status": "affected"}, {"version": "14.2(2e)", "status": "affected"}, {"version": "14.2(2f)", "status": "affected"}, {"version": "14.2(2g)", "status": "affected"}, {"version": "14.2(3j)", "status": "affected"}, {"version": "14.2(3l)", "status": "affected"}, {"version": "14.2(3n)", "status": "affected"}, {"version": "14.2(3q)", "status": "affected"}, {"version": "14.2(4i)", "status": "affected"}, {"version": "14.2(4k)", "status": "affected"}, {"version": "14.2(4o)", "status": "affected"}, {"version": "14.2(4p)", "status": "affected"}, {"version": "14.2(5k)", "status": "affected"}, {"version": "14.2(5l)", "status": "affected"}, {"version": "14.2(5n)", "status": "affected"}, {"version": "14.2(6d)", "status": "affected"}, {"version": "14.2(6g)", "status": "affected"}, {"version": "14.2(6h)", "status": "affected"}, {"version": "14.2(6l)", "status": "affected"}, {"version": "14.2(7f)", "status": "affected"}, {"version": "14.2(7l)", "status": "affected"}, {"version": "14.2(6o)", "status": "affected"}, {"version": "14.2(7q)", "status": "affected"}, {"version": "14.2(7r)", "status": "affected"}, {"version": "14.2(7s)", "status": "affected"}, {"version": "14.2(7t)", "status": "affected"}, {"version": "14.2(7u)", "status": "affected"}, {"version": "14.2(7v)", "status": "affected"}, {"version": "14.2(7w)", "status": "affected"}, {"version": "15.0(1k)", "status": "affected"}, {"version": "15.0(1l)", "status": "affected"}, {"version": "15.0(2e)", "status": "affected"}, {"version": "15.0(2h)", "status": "affected"}, {"version": "15.1(1h)", "status": "affected"}, {"version": "15.1(2e)", "status": "affected"}, {"version": "15.1(3e)", "status": "affected"}, {"version": "15.1(4c)", "status": "affected"}, {"version": "15.2(1g)", "status": "affected"}, {"version": "15.2(2e)", "status": "affected"}, {"version": "15.2(2f)", "status": "affected"}, {"version": "15.2(2g)", "status": "affected"}, {"version": "15.2(2h)", "status": "affected"}, {"version": "15.2(3e)", "status": "affected"}, {"version": "15.2(3f)", "status": "affected"}, {"version": "15.2(3g)", "status": "affected"}, {"version": "15.2(4d)", "status": "affected"}, {"version": "15.2(4e)", "status": "affected"}, {"version": "15.2(5c)", "status": "affected"}, {"version": "15.2(5d)", "status": "affected"}, {"version": "15.2(5e)", "status": "affected"}, {"version": "15.2(4f)", "status": "affected"}, {"version": "15.2(6e)", "status": "affected"}, {"version": "15.2(6g)", "status": "affected"}, {"version": "15.2(7f)", "status": "affected"}, {"version": "15.2(7g)", "status": "affected"}, {"version": "15.2(8d)", "status": "affected"}, {"version": "15.2(8e)", "status": "affected"}, {"version": "15.2(8f)", "status": "affected"}, {"version": "15.2(8g)", "status": "affected"}, {"version": "15.2(8h)", "status": "affected"}, {"version": "16.0(1g)", "status": "affected"}, {"version": "16.0(1j)", "status": "affected"}, {"version": "16.0(2h)", "status": "affected"}, {"version": "16.0(2j)", "status": "affected"}, {"version": "16.0(3d)", "status": "affected"}, {"version": "16.0(3e)", "status": "affected"}, {"version": "15.3(1d)", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Insufficiently Random Values", "type": "cwe", "cweId": "CWE-330"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX", "name": "cisco-sa-aci-cloudsec-enc-Vs5Wn2sX"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-aci-cloudsec-enc-Vs5Wn2sX", "discovery": "INTERNAL", "defects": ["CSCwf02544"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.245Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX", "name": "cisco-sa-aci-cloudsec-enc-Vs5Wn2sX", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:14.0\\(1h\\):*:*:*:*:*:*:*", "matchCriteriaId": "B4F75D6B-D48A-4B5E-A1DF-EEBFEBFE6073", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.0\\(2c\\):*:*:*:*:*:*:*", "matchCriteriaId": "FB1B81AF-FC0F-42B6-98C0-BEC432C7BAC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.0\\(3c\\):*:*:*:*:*:*:*", "matchCriteriaId": "87C5BB7A-3B2B-4AE3-A626-04FD1BB1E9C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.0\\(3d\\):*:*:*:*:*:*:*", "matchCriteriaId": "BDEB393A-9687-4E52-9837-B2C9E8F22D58", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(1i\\):*:*:*:*:*:*:*", "matchCriteriaId": "7E1BE98A-95AE-4D11-B427-68D25FE60720", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(1j\\):*:*:*:*:*:*:*", "matchCriteriaId": "CD61CB15-1955-4A81-9F8E-02F207094260", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(1k\\):*:*:*:*:*:*:*", "matchCriteriaId": "455F4A6C-428C-494F-B70C-A891B83EBEF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(1l\\):*:*:*:*:*:*:*", "matchCriteriaId": "322088F6-DF10-4C58-92F3-0FFBF469A6B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(2g\\):*:*:*:*:*:*:*", "matchCriteriaId": "20BFA5E5-0ECC-4A1F-A936-1F325A810334", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(2m\\):*:*:*:*:*:*:*", "matchCriteriaId": "7ECA1140-9DE0-4BC9-A381-A8DCB5BEA4A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(2o\\):*:*:*:*:*:*:*", "matchCriteriaId": "2F5FCA86-82A3-4540-B827-BD752D9E0465", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(2s\\):*:*:*:*:*:*:*", "matchCriteriaId": "6B8DE7D4-EFEC-487B-8250-251F9EA36BF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(2u\\):*:*:*:*:*:*:*", "matchCriteriaId": "83EA47AA-6F3B-4A48-81A0-2CA8D6696B27", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(2w\\):*:*:*:*:*:*:*", "matchCriteriaId": "89662D5F-AEEC-4DEB-AB8B-6A95D0A4B1D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.1\\(2x\\):*:*:*:*:*:*:*", "matchCriteriaId": "40D5076C-6C6F-44F9-91D7-D8F2FEB21310", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(1i\\):*:*:*:*:*:*:*", "matchCriteriaId": "D8BA2854-BE27-45F8-AF6E-CF6C474CF15B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(1j\\):*:*:*:*:*:*:*", "matchCriteriaId": "8296DD01-9CE0-4734-97A1-43250AD87453", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(1l\\):*:*:*:*:*:*:*", "matchCriteriaId": "77FC6FCC-9C86-43CB-A008-82E5C3E5B791", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(2e\\):*:*:*:*:*:*:*", "matchCriteriaId": "1AD71858-CA76-4BE3-8B4F-626959F6A342", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(2f\\):*:*:*:*:*:*:*", "matchCriteriaId": "38F4C42B-D975-46B5-8A18-1D6F72A294F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(2g\\):*:*:*:*:*:*:*", "matchCriteriaId": "58277DB8-BBC7-4639-8967-FCBAB029641E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(3j\\):*:*:*:*:*:*:*", "matchCriteriaId": "7E6354B7-3CBA-4E09-93F6-B49717B2A78E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(3l\\):*:*:*:*:*:*:*", "matchCriteriaId": "C693C8FA-3324-4439-B177-6FAE387DB23D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(3n\\):*:*:*:*:*:*:*", "matchCriteriaId": "949C0F31-77ED-49CC-870D-70104AA908A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(3q\\):*:*:*:*:*:*:*", "matchCriteriaId": "007BDA28-37AD-4F37-B351-C3BE0B8418F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(4i\\):*:*:*:*:*:*:*", "matchCriteriaId": "9563DBDC-D2C0-4C7C-A246-EC95DC4581CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(4k\\):*:*:*:*:*:*:*", "matchCriteriaId": "09CF92FC-B053-4234-830F-683E06807545", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(4o\\):*:*:*:*:*:*:*", "matchCriteriaId": "61DF8B69-D0B7-455F-A50E-5930948BED49", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(4p\\):*:*:*:*:*:*:*", "matchCriteriaId": "724603DA-06C9-4E64-B495-A90AD9BF31E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(5k\\):*:*:*:*:*:*:*", "matchCriteriaId": "D1255013-E3BC-4048-BD50-4641C0048FA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(5l\\):*:*:*:*:*:*:*", "matchCriteriaId": "829A7F53-0C09-497C-AC27-FDF7A573A502", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(5n\\):*:*:*:*:*:*:*", "matchCriteriaId": "11633F33-1BF8-440B-B1D2-F06E3613BEBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(6d\\):*:*:*:*:*:*:*", "matchCriteriaId": "84AC6EEF-633F-4F55-8C21-1B0782FF6596", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(6g\\):*:*:*:*:*:*:*", "matchCriteriaId": "4F4CE8A3-2AC2-420B-983A-1D49CEEE5B95", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(6h\\):*:*:*:*:*:*:*", "matchCriteriaId": "844669D6-6180-4F39-9DA9-691322F43BAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(6l\\):*:*:*:*:*:*:*", "matchCriteriaId": "074D3027-0863-4738-AC5B-897A5D96BD71", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(6o\\):*:*:*:*:*:*:*", "matchCriteriaId": "9F9A0537-8897-4E4D-987A-3F298E4D2B37", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7f\\):*:*:*:*:*:*:*", "matchCriteriaId": "FD6D7D62-660F-49AB-96D7-189778A42394", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7l\\):*:*:*:*:*:*:*", "matchCriteriaId": "B2043E85-0157-4CC3-8086-FA3D075C4EA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7q\\):*:*:*:*:*:*:*", "matchCriteriaId": "248E9B58-B96B-4344-AC9C-CEA3A8033569", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7r\\):*:*:*:*:*:*:*", "matchCriteriaId": "CA29C49E-92BA-4878-83BA-BF31FF372EA4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7s\\):*:*:*:*:*:*:*", "matchCriteriaId": "60965FE5-CE51-4144-B644-E331CD243B05", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7t\\):*:*:*:*:*:*:*", "matchCriteriaId": "4B8989C9-2BCC-4E94-AFE0-7CB17E39602F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7u\\):*:*:*:*:*:*:*", "matchCriteriaId": "E587DD04-0B07-4225-8AC2-39764BD5C4C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7v\\):*:*:*:*:*:*:*", "matchCriteriaId": "281468EF-C7E6-45F2-9264-9AC9B45C9ABE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:14.2\\(7w\\):*:*:*:*:*:*:*", "matchCriteriaId": "49E6CD5F-C5A7-4A06-A87F-22C3E2B86068", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.0\\(1k\\):*:*:*:*:*:*:*", "matchCriteriaId": "ABBAFC12-85C7-4FD1-B46E-D8268D00DEE9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.0\\(1l\\):*:*:*:*:*:*:*", "matchCriteriaId": "8F988380-7BAE-4E9C-B1E2-D3F7389E2FB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.0\\(2e\\):*:*:*:*:*:*:*", "matchCriteriaId": "11E2E40A-CCD5-4CA7-826E-10923BED72E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.0\\(2h\\):*:*:*:*:*:*:*", "matchCriteriaId": "95A5C1D4-EAE5-4E3F-AFCC-96B1ECDA91EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.1\\(1h\\):*:*:*:*:*:*:*", "matchCriteriaId": "C78C9E79-C6DC-4FE3-8B79-A9BEBED9A67D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.1\\(2e\\):*:*:*:*:*:*:*", "matchCriteriaId": "636FE4FC-D76D-4EF1-8C36-8B0D35247A9D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.1\\(3e\\):*:*:*:*:*:*:*", "matchCriteriaId": "743B909F-18EC-4F75-A82B-D8AC1528A30C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.1\\(4c\\):*:*:*:*:*:*:*", "matchCriteriaId": "C8157E7B-8AA2-45E7-9506-A0D5B0167031", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(1g\\):*:*:*:*:*:*:*", "matchCriteriaId": "D4C90C63-E006-4101-A737-429B28A5ABD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(2e\\):*:*:*:*:*:*:*", "matchCriteriaId": "0235897B-D881-4C22-AEC5-6B0D8552B47B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(2f\\):*:*:*:*:*:*:*", "matchCriteriaId": "77B4432C-D3C1-45DA-8E2B-1282A98D4D66", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(2g\\):*:*:*:*:*:*:*", "matchCriteriaId": "FE2846A6-62B3-4035-968C-AA73FFA1EA67", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(2h\\):*:*:*:*:*:*:*", "matchCriteriaId": "C6DC1C38-8134-4548-9685-03664699B273", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(3e\\):*:*:*:*:*:*:*", "matchCriteriaId": "C46E10DB-6CA8-460F-9C6D-48684BDCCEA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(3f\\):*:*:*:*:*:*:*", "matchCriteriaId": "D027C394-ED7D-4302-92B1-F9A2F60C8568", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(3g\\):*:*:*:*:*:*:*", "matchCriteriaId": "3914D468-662E-4F82-910F-67800189462E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(4d\\):*:*:*:*:*:*:*", "matchCriteriaId": "6502FEA6-A959-48F3-84E7-6E2180D23956", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(4e\\):*:*:*:*:*:*:*", "matchCriteriaId": "1336D0EA-F391-411D-B140-040E805DF3DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(4f\\):*:*:*:*:*:*:*", "matchCriteriaId": "60BC734F-D9DB-42B9-82C4-4A23C2A3C14D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(5c\\):*:*:*:*:*:*:*", "matchCriteriaId": "F9F5D422-54B8-47F2-96E6-A820E27658DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(5d\\):*:*:*:*:*:*:*", "matchCriteriaId": "F2BBBEDF-6869-4C99-A1D9-1AF53EFA82E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(5e\\):*:*:*:*:*:*:*", "matchCriteriaId": "CBB9500B-84F9-4B35-95C6-26F57BE8145C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(6e\\):*:*:*:*:*:*:*", "matchCriteriaId": "6D467B51-129D-409D-B38F-198162C48BBE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(6g\\):*:*:*:*:*:*:*", "matchCriteriaId": "070E4F81-493B-4F1F-BA9A-05F447E1C6F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(7f\\):*:*:*:*:*:*:*", "matchCriteriaId": "AFA1B066-7A7A-4291-9404-4482556B7CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(7g\\):*:*:*:*:*:*:*", "matchCriteriaId": "9BD70DA9-9CF0-4CAA-B017-6CAF55DB2E3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:15.2\\(8d\\):*:*:*:*:*:*:*", "matchCriteriaId": "AB2F2F8C-A371-4A42-8D5A-011A7B4B3332", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:16.0\\(1g\\):*:*:*:*:*:*:*", "matchCriteriaId": "6B68CD3E-700F-43D2-960C-C53A6EE241B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:16.0\\(1j\\):*:*:*:*:*:*:*", "matchCriteriaId": "743AED05-E2D7-4322-8814-C803F0BD6265", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:16.0\\(2h\\):*:*:*:*:*:*:*", "matchCriteriaId": "0C541E43-5457-402F-BA3C-5E0B08FC3A39", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9000_in_aci_mode:-:*:*:*:*:*:*:*", "matchCriteriaId": "57BC5903-1316-4FFF-BE52-2F6D63549590", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.\r\n\r This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.\r\n\r Cisco has not released and will not release software updates that address this vulnerability."}], "id": "CVE-2023-20185", "lastModified": "2024-11-21T07:40:46.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-12T14:15:09.720", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object