PatchSiren cyber security CVE debrief
CVE-2017-3801 Cisco CVE debrief
CVE-2017-3801 is a privilege-escalation issue in Cisco UCS Director’s web-based GUI. If Developer Menu is enabled, an authenticated local user with only an end-user profile can bypass intended role-based access control and add catalogs containing arbitrary workflow items, potentially triggering actions that affect other tenants.
- Vendor: Cisco
- Product: Cisco UCS Director
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-15
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-15
- Advisory updated: 2026-05-13
Who should care
Cisco UCS Director administrators, IAM/RBAC owners, and teams responsible for multi-tenant workflow governance on affected 6.0.0.0 and 6.0.0.1 deployments should prioritize this issue.
Technical summary
Cisco’s advisory and the NVD record describe improper RBAC enforcement after Developer Menu is enabled in Cisco UCS Director. The affected versions are 6.0.0.0 and 6.0.0.1. An authenticated local attacker with an end-user profile can enable Developer Mode for that profile, add new catalogs with arbitrary workflow items, and then execute the actions defined by those items. NVD lists the primary weakness as CWE-863 (Incorrect Authorization) and the CVSS vector as AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Defensive priority
High. The CVSS score is 8.8 and the flaw can turn a low-privilege authenticated account into a path for cross-tenant workflow abuse, so affected UCS Director instances should be reviewed promptly.
Recommended defensive actions
- Verify whether Cisco UCS Director 6.0.0.0 or 6.0.0.1 is deployed anywhere in the environment.
- Review Cisco’s vendor advisory for the product-specific mitigation guidance and any available fixes or workarounds.
- Check whether Developer Menu or Developer Mode can be enabled for non-administrative profiles and restrict it to trusted administrative roles only.
- Audit workflow/catalog permissions and remove or tightly control catalogs that expose powerful actions to end users.
- Review logs and tenant activity for unexpected catalog creation or workflow execution by low-privilege accounts.
- If the product is no longer required, decommission it or isolate it from general user access until a vendor-supported remediation is in place.
Evidence notes
All substantive claims here are drawn from the supplied Cisco/NVD corpus: the vulnerability affects Cisco UCS Director 6.0.0.0 and 6.0.0.1; it is an authenticated local privilege-escalation issue tied to improper RBAC after Developer Menu is enabled; and the primary weakness is CWE-863 per NVD. The CVSS vector and severity are taken from the NVD metadata. The CVE publication date used for timing context is 2017-02-15.
Official resources
- CVE-2017-3801 CVE record (CVE.org)
- CVE-2017-3801 NVD detail (NVD)
- Mitigation or vendor reference: Vendor Advisory (Cisco)
CVE-2017-3801 was published on 2017-02-15. The later modified date in the source metadata should not be treated as the issue date.