PatchSiren

CVE-2017-3798 Cisco CVE debrief

CVE-2017-3798 is a medium-severity cross-site scripting (XSS) filter bypass in the web-based management interface of Cisco Unified Communications Manager. Cisco and NVD describe it as allowing an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. The NVD record classifies it as CWE-79 and gives it CVSS 3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Vendor: Cisco
Product: CVE-2017-3798
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-26
Original CVE updated: 2026-05-13
Advisory published: 2017-01-26
Advisory updated: 2026-05-13

Who should care

Cisco Unified Communications Manager administrators, teams responsible for protecting the web-based management interface, and security operations staff overseeing privileged admin access should care most. Organizations exposing CUCM management services beyond tightly controlled admin networks should treat this as higher priority.

Technical summary

The issue is an XSS filter bypass in CUCM's web-based management interface. According to the supplied sources, the attack is network-reachable, does not require authentication, and does require user interaction. Impact is limited to confidentiality and integrity at low levels, but the scope changes because attacker-controlled script can run in the context of the affected user session. The supplied description lists affected releases 11.0(1.10000.10) and 11.5(1.10000.6), with fixed releases including 11.5(1.12029.1), 11.5(1.12900.11), and several 12.0(0.98000.x) builds.

Defensive priority

Medium. Prioritize more urgently if the CUCM management interface is reachable from untrusted networks, if privileged administrators browse the interface from shared or unmanaged endpoints, or if the affected versions are still deployed.

Recommended defensive actions

  • Upgrade Cisco Unified Communications Manager to a fixed release listed by Cisco in the supplied description.
  • Restrict access to the CUCM web-based management interface to trusted administrative networks or VPN-only paths.
  • Review administrator account exposure and use least privilege for users who can access management functions.
  • Monitor CUCM and reverse-proxy logs for unusual requests to management pages and signs of injected script content.
  • Harden admin browsing practices, including current browser versions and separation of privileged admin sessions from general web browsing.
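
One way to do the log monitoring recommended above, as an added example that is not from Cisco or the advisory: it scans reverse-proxy access logs in combined log format for markup in requests to management pages, decoding nested URL and HTML-entity encoding first because a filter bypass often depends on encoding. The /ccmadmin prefix, the page names, and the sample lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus, urlsplit

# Assumption: management pages are served under these prefixes; adjust per deployment.
MGMT_PREFIXES = ("/ccmadmin",)

# Combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Markup and script triggers that should not appear in a management-page request.
SCRIPT_RE = re.compile(
    r'<\s*/?\s*(script|svg|img|iframe|body)\b|\bon[a-z]{3,}\s*=|javascript\s*:',
    re.I)

def normalize(value, max_rounds=3):
    """Undo nested URL and HTML-entity encoding so encoded markup is matched too."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, timestamp, raw target) for management requests carrying markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        path = normalize(urlsplit(m["target"]).path).lower()
        if not path.startswith(MGMT_PREFIXES):
            continue  # outside the management interface
        if SCRIPT_RE.search(normalize(m["target"])):
            hits.append((m["ip"], m["ts"], m["target"]))
    return hits

# Constructed sample lines (not real traffic); clients are documentation addresses.
SAMPLE = [
    '198.51.100.7 - - [26/Jan/2017:10:01:02 +0000] "GET /ccmadmin/example.do?page=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jan/2017:10:02:11 +0000] "GET /ccmadmin/example.do?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812',
    '203.0.113.9 - - [26/Jan/2017:10:02:40 +0000] "GET /ccmadmin/example.do?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 812',
    '192.0.2.44 - - [26/Jan/2017:10:03:05 +0000] "GET /other/page?q=%3Cscript%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(*suspicious_requests(SAMPLE), sep="\n")
```

A hit is a lead for review, not proof of exploitation; correlate the client address and timestamp with administrator session activity.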

Evidence notes

The supplied CVE description states that this is a cross-site scripting filter bypass in the web-based management interface of Cisco Unified Communications Manager, affecting 11.0(1.10000.10) and 11.5(1.10000.6), with multiple fixed releases listed. The NVD source item provides the CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N and identifies CWE-79. The source corpus also includes Cisco vendor advisory references used for remediation context.

Official resources

Publicly recorded in the CVE/NVD ecosystem on 2017-01-26; the provided source corpus also points to a Cisco vendor advisory for remediation context.