PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3804 Cisco CVE debrief

CVE-2017-3804 is a medium-severity Cisco Nexus NX-OS vulnerability in IS-IS packet processing that can let an unauthenticated, adjacent attacker trigger a reload of an affected switch. The issue is described as a crash in the FabricPath domain when processing a crafted link-state packet. For network operators, the practical risk is an availability impact on affected Nexus 5000, 6000, and 7000 Series switches running vulnerable NX-OS releases.

Vendor
Cisco
Product
CVE-2017-3804
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2017-01-26
Original CVE updated
2026-05-13
Advisory published
2017-01-26
Advisory updated
2026-05-13

Who should care

Network and infrastructure teams operating Cisco Nexus 5000/6000/7000 switches, especially where IS-IS and FabricPath are enabled or adjacency is present. SREs and incident responders should also care because the bug can cause an unexpected reload and service interruption.

Technical summary

The NVD record describes the flaw as an IS-IS protocol packet-processing problem in Cisco NX-OS that can be triggered by an adjacent, unauthenticated attacker. The CVSS v3.0 vector is AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H, indicating adjacent attack conditions with high availability impact and no direct confidentiality or integrity impact. Cisco’s description notes a switch crash tied to an __inst_001__isis_fabricpath hap reset while handling a crafted link-state packet in the FabricPath domain. The record lists affected NX-OS releases and fixed releases, with Cisco advisory references included in the NVD metadata.

Defensive priority

High for environments that use the affected NX-OS releases and have reachable IS-IS/FabricPath adjacency, because the vulnerability can cause a device reload and outage. The issue is not known to be in CISA KEV in the supplied data, but operational impact can still be significant.

Recommended defensive actions

  • Identify Cisco Nexus 5000, 6000, and 7000 Series switches running the affected NX-OS versions listed in the advisory and NVD record.
  • Upgrade to a fixed NX-OS release from the Cisco advisory / NVD record as soon as practical.
  • Review whether IS-IS and FabricPath adjacency is necessary on exposed segments and minimize unnecessary Layer 2/L3 adjacency.
  • Monitor affected switches for unexpected reloads or crash events and validate post-upgrade stability.
  • Use the Cisco advisory and NVD entry to confirm the exact fixed release path for each deployed train.

Evidence notes

This debrief is based on the supplied CVE description and NVD metadata. Key evidence: the vulnerability allows an unauthenticated adjacent attacker to cause a reload; the crash occurs while processing a crafted link-state packet in FabricPath; the CVSS vector is AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H; and the record includes Cisco advisory references plus affected/fixed release data. The CVE/NVD publication date supplied is 2017-01-26.

Official resources

The supplied CVE record shows publication on 2017-01-26. Cisco vendor advisory references are included in the NVD metadata, and the issue is not marked as a KEV entry in the supplied data.