PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3828 Cisco CVE debrief

CVE-2017-3828 is a Cisco web-management cross-site scripting issue affecting Unified Communications Manager Switches. According to the official CVE/NVD record, an unauthenticated remote attacker could trigger XSS against a user of the web-based management interface. The NVD record classifies the flaw as CWE-79 and rates it CVSS 3.0 6.1 (Medium). Cisco listed affected releases 11.0(1.10000.10) and 11.5(1.10000.6), with fixed releases identified in the vendor advisory reference.

Vendor
Cisco
Product
Unified Communications Manager
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-22
Original CVE updated
2026-05-13
Advisory published
2017-02-22
Advisory updated
2026-05-13

Who should care

Cisco Unified Communications Manager Switches administrators, UC platform security teams, and anyone responsible for the web-based management interface on affected devices. Organizations running the affected releases should treat this as a patching and access-control priority for administrative interfaces.

Technical summary

The official NVD record describes an XSS weakness in the web-based management interface of Cisco Unified Communications Manager Switches. The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network reachability, no privileges required, and a user interaction requirement. NVD maps the issue to CWE-79. The source corpus identifies affected releases 11.0(1.10000.10) and 11.5(1.10000.6), and Cisco-referenced fixed releases include 11.0(1.23063.1), 11.5(1.12029.1), 11.5(1.12900.11), 11.5(1.12900.21), 11.6(1.10000.4), and multiple 12.0 builds.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade affected Cisco Unified Communications Manager Switches to a Cisco-fixed release listed in the advisory references.
  • Restrict access to the web-based management interface to trusted administrative networks or VPN paths.
  • Ensure the management interface is not exposed broadly on untrusted networks, especially internet-facing segments.
  • Review administrative workflows and user training for the web UI, since the CVSS vector requires user interaction.
  • After remediation, verify the running firmware/software version matches a fixed release and continue monitoring the management interface for abnormal behavior.

Evidence notes

This debrief is based only on the supplied official CVE/NVD corpus and the Cisco advisory reference included there. The NVD record provides the CVSS 3.0 vector, CWE-79 classification, affected versions, and vendor-linked references. The CVE publication date is 2017-02-22; the later NVD modified timestamp of 2026-05-13 reflects record maintenance, not the original disclosure date.

Official resources

CVE published on 2017-02-22 in the official CVE/NVD record. The supplied NVD source item was last modified on 2026-05-13, which indicates database maintenance rather than a new vulnerability disclosure date.