PatchSiren cyber security CVE debrief
CVE-2017-3822 Cisco CVE debrief
CVE-2017-3822 is a Cisco Firepower Threat Defense logging subsystem issue that can let an unauthenticated remote attacker add arbitrary entries to the audit log on affected Firepower Device Manager-enabled appliances. The vulnerability is rated medium severity and was addressed in Cisco Firepower Threat Defense Software 6.2.0.
- Vendor: Cisco
- Product: CVE-2017-3822
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-03
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-03
- Advisory updated: 2026-05-13
Who should care
Security teams operating Cisco Firepower Threat Defense 6.1.x appliances, especially ASA5506-X, ASA5506W-X, ASA5506H-X, ASA5508-X, ASA5516-X, ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, and ASA5555-X deployments with Firepower Device Manager enabled. Logging, audit, and compliance owners should also care because the issue affects audit-log integrity.
Technical summary
NVD describes the flaw as a remote, network-reachable issue with no privileges or user interaction required, where the impact is limited to integrity of the audit log. The NVD CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, and the weakness classification is CWE-20. The affected CPE entry in the source corpus maps to Cisco Firepower Threat Defense 6.1.0, with Cisco's advisory reference indicating the broader 6.1.x product line when Firepower Device Manager is enabled.
Defensive priority
Medium priority. The issue does not indicate confidentiality or availability impact, but it can undermine trust in audit records and complicate detection, investigation, and compliance workflows.
Recommended defensive actions
- Upgrade affected Cisco Firepower Threat Defense deployments to the fixed release noted in the source corpus: 6.2.0.
- Verify whether Firepower Device Manager is enabled on any vulnerable ASA5506-X/5506W-X/5506H-X/5508-X/5516-X/5512-X/5515-X/5525-X/5545-X/5555-X appliances running 6.1.x.
- Review audit-log integrity controls and alerting to detect unexpected or inconsistent log entries.
- Use the Cisco vendor advisory and NVD record to confirm exposure scope against your environment.
- Prioritize remediation where audit logs are used for incident response, compliance evidence, or security monitoring.
Evidence notes
The source corpus identifies CVE-2017-3822 as affecting Cisco Firepower Threat Defense Software 6.1.x with Firepower Device Manager enabled on specific ASA models, and states that 6.2.0 is the known fixed release. NVD metadata classifies the issue as CWE-20 and provides the CVSS v3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. References in the corpus include Cisco's vendor advisory URL and third-party advisory entries.
Official resources
- CVE-2017-3822 CVE record (CVE.org)
- CVE-2017-3822 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Source reference
- Mitigation or vendor reference: [email protected] - Vendor Advisory
Published 2017-02-03T07:59:00.890Z; modified 2026-05-13T00:24:29.033Z in the supplied record. Use the publication timestamp for disclosure context.