PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3839 Cisco CVE debrief

CVE-2017-3839 is an XML External Entity (XXE) vulnerability in the web-based user interface of Cisco Secure Access Control System (ACS). Cisco and NVD describe the impact as read access to part of the information stored on the affected system. The NVD record classifies the issue as CVSS 3.0 4.3 (MEDIUM) and maps it to CWE-611. The affected release called out in the supplied data is ACS 5.8(2.5).

Vendor
Cisco
Product
CVE-2017-3839
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-22
Original CVE updated
2026-05-13
Advisory published
2017-02-22
Advisory updated
2026-05-13

Who should care

Administrators and security teams responsible for Cisco Secure Access Control System (ACS), especially environments still running the affected 5.8(2.5) release. Anyone exposing the ACS web UI to untrusted networks should review this issue promptly.

Technical summary

The vulnerability is an XXE weakness in the ACS web-based interface, which can let crafted XML input cause the application to disclose information from the system. The supplied description says the attacker may be unauthenticated and remote, while the NVD CVSS vector indicates network attackability with low complexity and no user interaction, but also lists PR:L. Because that access-detail mismatch exists in the supplied sources, the safest interpretation is to treat the issue as a network-reachable information-disclosure flaw and verify exposure against Cisco's advisory before making remediation assumptions.

Defensive priority

Medium. The issue is limited to information disclosure rather than code execution or service disruption, but it affects a network-facing administrative interface and is associated with an official Cisco advisory.

Recommended defensive actions

  • Identify whether Cisco Secure Access Control System (ACS) 5.8(2.5) is deployed anywhere in the environment.
  • Review Cisco's vendor advisory for the affected release and apply Cisco-recommended remediation or upgrade guidance.
  • Restrict access to the ACS web-based user interface to trusted administrative networks only.
  • Monitor ACS logs and surrounding authentication/access logs for unexpected requests or data exposure attempts.
  • Inventory dependent systems and credentials or data stored in ACS to understand the sensitivity of information that could be disclosed.
  • If the affected release is still in use, prioritize migration away from it as part of normal lifecycle management.

Evidence notes

Source corpus ties this CVE to Cisco ACS 5.8(2.5), CWE-611, and CVSS 3.0 vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The description states the issue could allow an unauthenticated remote attacker to read part of the information stored on the affected system. Because the supplied sources differ on privilege requirements, the access conditions should be validated against Cisco's advisory rather than assumed from one field alone. No KEV entry was supplied.

Official resources

NVD published the CVE on 2017-02-22 and later modified the record on 2026-05-13. The supplied data includes a Cisco vendor advisory reference; no Known Exploited Vulnerabilities (KEV) entry was provided.