PatchSiren cyber security CVE debrief
CVE-2017-3841 Cisco CVE debrief
CVE-2017-3841 affects the Cisco Secure Access Control System (ACS) web interface and can expose sensitive information to an unauthenticated remote attacker. The supplied NVD data rates the issue as CVSS 3.0 7.5 (HIGH) with a network attack vector and no privileges or user interaction required.
- Vendor: Cisco
- Product: CVE-2017-3841
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-22
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-22
- Advisory updated: 2026-05-13
Who should care
Cisco ACS administrators, security operations teams, and asset owners responsible for legacy Cisco authentication and access-control infrastructure should review this issue, especially where ACS 5.8(2.5) is still deployed.
Technical summary
The NVD record describes an information disclosure weakness (CWE-200) in the Cisco Secure Access Control System web interface. The vulnerability is remotely reachable over the network, requires no authentication, and has no user interaction requirement. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating confidentiality impact only. The record identifies Cisco ACS 5.8(2.5) as a known affected release.
Defensive priority
High. Even without integrity or availability impact, unauthenticated disclosure from an internet-reachable management interface can expose credentials, configuration data, or other sensitive operational details that increase follow-on risk.
Recommended defensive actions
- Confirm whether Cisco Secure Access Control System (ACS) 5.8(2.5) or related ACS web interfaces are deployed in your environment.
- Review the Cisco security advisory linked in the record for vendor guidance and remediation options.
- Restrict network access to ACS management interfaces so they are not exposed to untrusted networks.
- Monitor authentication, admin, and web-access logs for unusual or unauthenticated access to the ACS interface.
- Apply Cisco-recommended updates or compensating controls where supported by your deployment and lifecycle constraints.
- Inventory any sensitive data that may have been exposed through the interface and rotate or revoke impacted secrets if exposure is suspected.
Evidence notes
All statements are based on the supplied NVD/CVE corpus and the Cisco advisory reference included in the record. The record shows CVE publication at 2017-02-22T02:59:00.573Z and later modification at 2026-05-13T00:24:29.033Z; the modified date reflects record maintenance, not a new vulnerability date. No exploit code, weaponized reproduction, or unsupported impact claims are included.
Official resources
- CVE-2017-3841 CVE record (CVE.org)
- CVE-2017-3841 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Source reference
- Mitigation or vendor reference: [email protected] - Vendor Advisory
Published by the CVE record on 2017-02-22; the supplied record was last modified on 2026-05-13. No KEV listing is present in the provided data.