PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3824 Cisco CVE debrief

CVE-2017-3824 is a denial-of-service vulnerability in Cisco cBR Series Converged Broadband Routers. According to Cisco and NVD, an unauthenticated remote attacker can abuse list header handling to trigger a device reload. The impact is service disruption rather than direct code execution, but the affected router is infrastructure-critical, so even a reload can be operationally significant.

Vendor: Cisco
Product: CVE-2017-3824
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-03
Original CVE updated: 2026-05-13
Advisory published: 2017-02-03
Advisory updated: 2026-05-13

Who should care

Cisco cBR-8 Converged Broadband Router owners, network operations teams, and security teams responsible for Cisco IOS XE lifecycle management should prioritize this issue, especially if vulnerable releases are still deployed in production broadband edge environments.

Technical summary

NVD describes the flaw as a weakness in Cisco IOS XE list header handling affecting Cisco cBR-8 Converged Broadband Routers. The reported consequence is a remotely triggered reload leading to denial of service. NVD assigns CWE-119 and lists CVSS 3.0 6.8 (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H). Cisco’s description names affected releases 15.5(3)S and 15.6(1)S, with fixed releases including 15.5(3)S2, 15.6(1)S1, 15.6(2)S, 15.6(2)SP, and 16.4(1).

Defensive priority

Medium-High

Recommended defensive actions

  • Identify Cisco cBR-8 Converged Broadband Routers in your environment and inventory the installed Cisco IOS XE release.
  • Compare installed versions with the known affected and fixed releases listed by Cisco and NVD.
  • Upgrade to a fixed Cisco IOS XE release from Cisco’s advisory guidance as soon as operationally feasible.
  • Validate that maintenance and rollback procedures are ready before changing router software on production broadband infrastructure.
  • Monitor affected devices for unexpected reloads or other denial-of-service symptoms until remediation is complete.
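
The inventory, comparison and reload-monitoring steps above can be scripted over saved `show version` output. This is an added example, not code from Cisco, NVD or this debrief's source; the hostnames, sample output and the set of reload reasons treated as planned are constructed assumptions, and any release the debrief does not name is marked for manual checking against Cisco's advisory.

```python
import re

# Release lists copied from this debrief; the fixed list is not exhaustive.
AFFECTED = {"15.5(3)S", "15.6(1)S"}
FIXED = {"15.5(3)S2", "15.6(1)S1", "15.6(2)S", "15.6(2)SP", "16.4(1)"}
# Assumption: reload reasons your operations team treats as planned.
EXPECTED_RELOADS = {"reload command", "poweron"}

VERSION_RE = re.compile(r"Version\s+(\d+\.\d+\(\d+\)[A-Za-z0-9]*)")
RELOAD_RE = re.compile(r"^Last reload reason:\s*(.+)$", re.MULTILINE)


def triage(hostname, show_version):
    """Classify one device from its saved 'show version' text."""
    m = VERSION_RE.search(show_version)
    release = m.group(1) if m else None
    if release in AFFECTED:
        status = "affected"
    elif release in FIXED:
        status = "fixed"
    else:
        status = "check-advisory"  # unparsed, or not named in the debrief
    r = RELOAD_RE.search(show_version)
    reason = r.group(1).strip() if r else None
    unexpected = reason is not None and reason.lower() not in EXPECTED_RELOADS
    return {"host": hostname, "release": release, "status": status,
            "reload_reason": reason, "unexpected_reload": unexpected}


def report(inventory):
    """Return one row per device, affected devices first."""
    order = {"affected": 0, "check-advisory": 1, "fixed": 2}
    rows = [triage(h, text) for h, text in sorted(inventory.items())]
    return sorted(rows, key=lambda row: order[row["status"]])


# Constructed sample inventory: hostnames and output are illustrative only.
SAMPLE = {
    "cbr8-east-1": "Cisco IOS Software, cBR Software, Version 15.5(3)S, "
                   "RELEASE SOFTWARE\nLast reload reason: Critical process fault\n",
    "cbr8-east-2": "Cisco IOS Software, cBR Software, Version 15.6(1)S1, "
                   "RELEASE SOFTWARE\nLast reload reason: Reload Command\n",
    "cbr8-west-1": "Cisco IOS Software, cBR Software, Version 15.5(3)S1, "
                   "RELEASE SOFTWARE\nLast reload reason: PowerOn\n",
}

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```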

Evidence notes

This debrief is based on the supplied Cisco/NVD corpus: the NVD record published on 2017-02-03 and modified on 2026-05-13, the Cisco vendor advisory reference linked by NVD, and the NVD CVSS/CWE data. The supported facts are limited to unauthenticated remote DoS via list header handling on Cisco cBR-8 routers running vulnerable IOS XE releases.

Official resources

CVE published 2017-02-03T07:59:00.920Z. This debrief relies on official CVE/NVD records and the Cisco advisory reference linked from NVD.