Rewterz

Rewterz Threat Advisory – CVE-2023-3484 – GitLab Vulnerability

July 6, 2023
Rewterz

Rewterz Threat Alert – RedEnergy: Advanced Stealer-as-a-Ransomware Targets Energy and Telecom Sectors – Active IOCs

July 6, 2023

Rewterz Threat Advisory – CVE-2023-20185 – Cisco ACI Multi-Site CloudSec Vulnerability

Severity

High

Analysis Summary

CVE-2023-20185

Cisco ACI Multi-Site CloudSec could allow a remote attacker to obtain sensitive information, caused by an issue with the implementation of the ciphers that are used by the CloudSec encryption feature. By intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption, an attacker could exploit this vulnerability to read or modify the traffic that is transmitted between the sites.

Impact

  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-20185

Affected Vendors

Cisco

Affected Products

  • Cisco ACI Multi-Site CloudSec Encryption
  • Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information. 

Cisco Security Advisory 

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.