PatchSiren

CVE-2017-3805 Cisco CVE debrief

CVE-2017-3805 is an unauthenticated, remote information disclosure issue in the web-based management interface of certain Cisco IOS and Cisco IOx deployments. Cisco identifies affected platforms as IR829, IR809, IE4K, and CGR1K, with NVD scoring the issue 5.3/Medium and classifying it as CWE-200.

Vendor: Cisco
Product: CVE-2017-3805
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-26
Original CVE updated: 2026-05-13
Advisory published: 2017-01-26
Advisory updated: 2026-05-13

Who should care

Network and infrastructure teams responsible for Cisco IR829, IR809, IE4K, and CGR1K platforms running Cisco IOS Software or Cisco IOx Software, especially where the web-based management interface is reachable from networks beyond tightly controlled admin access.

Technical summary

The vulnerability allows a remote attacker with no authentication and no user interaction to view confidential information displayed by the device's web-based management interface. NVD records the issue as CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N and maps it to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The supplied record ties the affected IOx version to 1.0(0) and cites Cisco advisory CSCvb20897 and Cisco security advisory cisco-sa-20170118-ios as references.

Defensive priority

Medium priority. The issue does not indicate integrity or availability impact, but it can expose sensitive management information over the network without authentication, so exposed management interfaces should be treated as a meaningful confidentiality risk.

Recommended defensive actions

  • Identify whether Cisco IR829, IR809, IE4K, or CGR1K devices are running the affected Cisco IOS/IOx release noted in the record (1.0(0)).
  • Limit exposure of the web-based management interface to trusted administrative networks only, and review whether any device management UI is reachable from broader or untrusted networks.
  • Follow Cisco's advisory guidance in cisco-sa-20170118-ios for fixed-version and remediation details.
  • Review device access logs and administrative activity for signs that confidential information may have been viewed through the management interface.

Evidence notes

The supplied record shows CVE publication on 2017-01-26T07:59:00.653Z. NVD lists a later modified timestamp of 2026-05-13T00:24:29.033Z, which is metadata maintenance and not the vulnerability's issue date. The description states that an unauthenticated remote attacker could view confidential information on the web-based management interface, affecting Cisco IOS Software and Cisco IOx Software on IR829, IR809, IE4K, and CGR1K platforms. NVD supplies CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N and CWE-200.

Official resources

Publicly disclosed in January 2017; the supplied record's CVE published date is 2017-01-26.