PatchSiren cyber security CVE debrief

CVE-2017-3840 Cisco CVE debrief

CVE-2017-3840 is an open redirect vulnerability in the web interface of Cisco Secure Access Control System (ACS). According to the CVE record, an unauthenticated remote attacker could redirect a user to a malicious web page. Cisco identifies the issue in ACS 5.8(2.5), and NVD classifies it as CWE-601 with a CVSS 3.0 score of 6.1 (Medium).

Vendor: Cisco
Product: CVE-2017-3840
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-22
Original CVE updated: 2026-05-13
Advisory published: 2017-02-22
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for Cisco Secure Access Control System, especially anyone exposing the ACS web interface to user traffic. Identity, access management, and help desk teams should also care because the issue can be used to send users from a trusted interface to an attacker-controlled page.

Technical summary

The vulnerability is an open redirect in the ACS web interface. NVD lists the weakness as CWE-601 and the vector as CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network reachability, no privileges required, and user interaction required. The impact is redirecting users to a malicious page rather than direct system compromise. The affected release listed in the source corpus is Cisco Secure Access Control System 5.8(2.5).

Defensive priority

Medium. The issue can facilitate phishing or trust abuse, but the supplied data does not indicate active exploitation or KEV inclusion.

Recommended defensive actions

Review Cisco's security advisory for CVE-2017-3840 and follow the vendor's remediation guidance.
If Cisco ACS 5.8(2.5) is in use, prioritize moving to a fixed or supported version identified by Cisco.
Limit exposure of the ACS web interface to trusted administrative networks where possible.
Warn users and admins that redirects from trusted ACS pages should be treated carefully, especially if the destination is unexpected.
Check logs and access patterns for suspicious redirect behavior or unusual navigation to external pages.

Evidence notes

The CVE record and NVD entry both identify the issue as an open redirect affecting Cisco Secure Access Control System. NVD lists the vulnerable CPE as cisco:secure_access_control_system:5.8(2.5), weakness CWE-601, and CVSS vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The supplied references include Cisco's vendor advisory and third-party references (SecurityFocus BID 96238 and SecurityTracker 1037837). CVE publishedAt and sourcePublishedAt are 2017-02-22T02:59:00.543Z; modifiedAt and sourceModifiedAt are 2026-05-13T00:24:29.033Z.

Official resources

CVE-2017-3840 CVE record
CVE.org
CVE-2017-3840 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected]
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Vendor Advisory

Publicly disclosed on 2017-02-22 in the supplied CVE/NVD record. The supplied data shows a later NVD modification date of 2026-05-13. No KEV entry is present in the supplied enrichment.