PatchSiren

CVE-2017-3835 Cisco CVE debrief

CVE-2017-3835 affects the sponsor portal of Cisco Identity Services Engine (ISE) and is described by Cisco and NVD as a SQL injection issue. An authenticated remote attacker could access notices owned by other users. NVD rates the issue 8.8 (HIGH): the attack is network-exploitable and low-complexity, and it requires low privileges and no user interaction.

Vendor: Cisco
Product: CVE-2017-3835
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-22
Original CVE updated: 2026-05-13
Advisory published: 2017-02-22
Advisory updated: 2026-05-13

Who should care

Cisco ISE administrators, identity and access management teams, and vulnerability managers responsible for sponsor portal exposure and patching should prioritize this issue, especially where version 1.4(0.908) is in use.

Technical summary

The NVD record maps CVE-2017-3835 to CWE-89 and lists Cisco Identity Services Engine Software 1.4(0.908) as an affected release. The vulnerability is in the sponsor portal and stems from SQL injection, allowing an authenticated remote attacker to access notices owned by other users. The NVD CVSS v3.0 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Defensive priority

High priority. The issue is remotely reachable, requires only low privileges, and is assigned a high CVSS score. Organizations running the affected Cisco ISE release should treat remediation as urgent for any exposed or business-critical deployment.

Recommended defensive actions

  • Verify whether Cisco Identity Services Engine release 1.4(0.908) is deployed anywhere in your environment.
  • Review the Cisco Security Advisory for CVE-2017-3835 and apply the vendor-recommended remediation or upgrade path.
  • Restrict access to the sponsor portal to trusted administrative networks while remediation is planned.
  • Audit sponsor portal activity and review for unauthorized access to notices or anomalous database-backed requests.
  • Track compensating controls and confirm remediation across test, staging, and production instances.

Evidence notes

This debrief is based on the official NVD CVE record, which lists the Cisco vendor advisory reference, the affected Cisco ISE release 1.4(0.908), CWE-89, and the CVSS v3.0 vector. The supplied Cisco description states the sponsor portal SQL injection could let an authenticated remote attacker access notices owned by other users. The CVE was published on 2017-02-22; the later modified timestamp is not treated as the issue date.

Official resources

Publicly disclosed through Cisco's advisory referenced by NVD and published in the CVE record on 2017-02-22. The supplied corpus does not indicate KEV listing or ransomware association.