PatchSiren cyber security CVE debrief
CVE-2017-3799 Cisco CVE debrief
CVE-2017-3799 is a Cisco WebEx Meeting Center issue involving a URL parameter that can enable site redirection. Cisco lists T28.1 as a known affected release. From a defender’s perspective, redirect flaws can be abused to send users to attacker-controlled destinations, increasing phishing and trust-abuse risk.
- Vendor
- Cisco
- Product
- CVE-2017-3799
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-26
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-26
- Advisory updated
- 2026-05-13
Who should care
Administrators and security teams responsible for Cisco WebEx Meeting Center deployments, especially environments running or inheriting T28.1-based builds, should review exposure and validate whether any redirect-related URLs are reachable by users.
Technical summary
The NVD entry classifies the issue as CWE-601 (URL Redirection to Untrusted Site) and assigns CVSS 3.0 5.4/Medium with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vendor description states that a URL parameter in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. The record cites Cisco advisory CSCzu78401 and identifies known affected releases as T28.1.
Defensive priority
Medium. This is not a high-severity availability issue, but open-redirect behavior can materially support phishing and credential-harvesting campaigns, so remediation and user-facing URL validation are still worth prioritizing.
Recommended defensive actions
- Review Cisco’s advisory and confirm whether your WebEx Meeting Center deployment maps to the affected T28.1 release lineage.
- Inventory externally reachable WebEx Meeting Center URLs and inspect any parameters that influence destination handling or redirect logic.
- Apply vendor guidance or available mitigation from the Cisco advisory referenced in the record.
- Where feasible, restrict or harden redirect endpoints so only approved destinations are allowed.
- Monitor for suspicious links or redirect chains that route users from trusted Cisco-hosted pages to unexpected destinations.
Evidence notes
All statements are drawn from the supplied CVE/NVD corpus and official links. The source description states that a URL parameter in Cisco WebEx Meeting Center could allow site redirection and names T28.1 as a known affected release. The NVD metadata classifies the weakness as CWE-601 and provides the CVSS vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The record references Cisco PSIRT advisory CSCzu78401 plus the official CVE and NVD detail pages.
Official resources
-
CVE-2017-3799 CVE record
CVE.org
-
CVE-2017-3799 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
- Source reference
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
Published by the source record on 2017-01-26; the NVD record was modified on 2026-05-13. Timing here reflects record publication and update dates, not a new vulnerability date.