PatchSiren cyber security CVE debrief

CVE-2017-3821 Cisco CVE debrief

CVE-2017-3821 is a reflected cross-site scripting flaw in the serviceability page of Cisco Unified Communications Manager. Cisco’s advisory is referenced by NVD, and the vulnerability is described as remotely reachable by an unauthenticated attacker. Because successful XSS can run in a user’s browser with the privileges of the viewing session, administrators should treat exposed management interfaces as sensitive until patched.

Vendor: Cisco
Product: CVE-2017-3821
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-22
Original CVE updated: 2026-05-13
Advisory published: 2017-02-22
Advisory updated: 2026-05-13

Who should care

Cisco Unified Communications Manager administrators, voice/telephony platform owners, and security teams responsible for management-plane exposure and web application hardening.

Technical summary

NVD maps this issue to CWE-79 and a CVSS 3.0 vector of AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network reachability, no privileges required, and user interaction needed. The supplied corpus identifies Cisco Unified Communications Manager 10.5(2.14076.1) as affected and lists fixed releases 12.0(0.98000.209), 12.0(0.98000.478), and 12.0(0.98000.609). The flaw is specifically described as a reflected XSS issue in the serviceability page.

Defensive priority

Medium; raise to high priority if the CUCM serviceability page is accessible beyond tightly controlled admin networks or if untrusted users can reach the interface.

Recommended defensive actions

Upgrade Cisco Unified Communications Manager to a listed fixed release: 12.0(0.98000.209), 12.0(0.98000.478), or 12.0(0.98000.609).
Restrict access to the serviceability page and related management interfaces to trusted administrative networks only.
Verify deployed CUCM versions against the affected release explicitly named in the supplied record, 10.5(2.14076.1).
Review browser-facing admin workflows for reflected input handling and remove unnecessary exposure of the serviceability interface.
Monitor administrative sessions for unexpected page content, redirects, or script-injection indicators consistent with XSS abuse.

Evidence notes

The source corpus is the NVD CVE record for CVE-2017-3821, published on 2017-02-22 and modified on 2026-05-13. NVD cites Cisco PSIRT references and classifies the weakness as CWE-79 with CVSS vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The description in the supplied record states that an unauthenticated remote attacker could conduct reflected XSS attacks against the serviceability page. The record also names one affected release and three fixed releases. No KEV listing or ransomware association is present in the supplied data.

Official resources

CVE-2017-3821 CVE record
CVE.org
CVE-2017-3821 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected]
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Vendor Advisory

Publicly disclosed on 2017-02-22; the supplied NVD record was last modified on 2026-05-13.