PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3806 Cisco CVE debrief

CVE-2017-3806 is a Cisco command-injection vulnerability in CLI command processing affecting Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance. According to the supplied records, an authenticated local attacker could inject arbitrary shell commands that the device executes. Cisco’s advisory and the NVD record both associate the issue with Firepower Threat Defense releases in the affected range, and Cisco lists fixed releases in the advisory metadata. The recorded severity is CVSS 5.3 (MEDIUM), with local access and limited confidentiality, integrity, and availability impact.

Vendor
Cisco
Product
CVE-2017-3806
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-03
Original CVE updated
2026-05-13
Advisory published
2017-02-03
Advisory updated
2026-05-13

Who should care

Administrators and security teams responsible for Cisco Firepower 4100/9300 appliances and Firepower Threat Defense deployments should review this issue, especially where local administrative access is available or where CLI access is exposed to trusted but non-fully-trusted operators.

Technical summary

The vulnerability is described as a flaw in CLI command processing that allows command injection. The attacker model in the supplied CVSS vector is local, low-privilege authenticated access (AV:L/PR:L), with no user interaction required. NVD maps the weakness to CWE-78 and lists vulnerable Firepower Threat Defense versions 5.3.0, 5.4.0, 6.0.0, 6.0.1, and 6.1.0. The supplied Cisco advisory metadata also names known affected release 2.0(1.68) and fixed releases 2.0(1.118), 2.1(1.47), 92.1(1.1646), 92.1(1.1763), and 92.2(1.101).

Defensive priority

Medium. The issue requires authenticated local access, but successful exploitation can still lead to arbitrary command execution on the appliance. Treat as a meaningful administrative-plane risk and prioritize remediation on exposed or multi-operator systems.

Recommended defensive actions

  • Confirm whether Cisco Firepower 4100 Series or Cisco Firepower 9300 appliances are in use.
  • Check installed Firepower Threat Defense or appliance release versions against the affected and fixed versions in the Cisco advisory and NVD record.
  • Apply the vendor-fixed release identified for your branch as soon as operationally feasible.
  • Restrict and monitor local CLI access to trusted administrators only.
  • Review administrative access logs for unexpected CLI activity around the affected period.
  • Track Cisco security advisories and NVD entries for any updates or clarifications related to this CVE.

Evidence notes

All claims are limited to the supplied CVE record and linked references. The CVE description states the vulnerability affects Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance, and that an authenticated local attacker can inject arbitrary shell commands. The NVD data supplied maps the weakness to CWE-78 and lists Firepower Threat Defense versions 5.3.0 through 6.1.0 as vulnerable. The supplied Cisco advisory reference provides the vendor source, while the SecurityFocus link is a third-party advisory/VDB entry. No KEV entry is present in the supplied data.

Official resources

Publicly disclosed on 2017-02-03T07:59:00.657Z per the supplied CVE record. The supplied source record was last modified on 2026-05-13T00:24:29.033Z. No KEV inclusion is present in the provided data.