PatchSiren cyber security CVE debrief
CVE-2017-3843 Cisco CVE debrief
CVE-2017-3843 is an access-control weakness in Cisco Prime Collaboration Assurance file download functions. An authenticated remote attacker could download system files that should have remained restricted. Cisco/NVD published the issue on 2017-02-22, and NVD rates it Medium with CVSS 4.3.
- Vendor: Cisco
- Product: CVE-2017-3843
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-22
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-22
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for Cisco Prime Collaboration Assurance deployments, especially environments running affected releases. Any system exposing the file download feature to authenticated users should be reviewed.
Technical summary
The vulnerability is described as a file download function flaw that can allow an authenticated remote attacker to retrieve restricted system files. NVD maps the weakness to CWE-20 and lists vulnerable CPEs for Cisco Prime Collaboration Assurance 11.0.0, 11.1.0, and 11.5.0. The CVSS 3.0 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N: the attack is reachable over the network, has low complexity, requires a low-privileged login and no user interaction, and has a low confidentiality impact with no integrity or availability impact.
Defensive priority
Medium. The issue does not indicate code execution or service disruption, but it can expose restricted system data to authenticated users. Prioritize if the product is internet-accessible, widely used, or contains sensitive operational data.
Recommended defensive actions
- Confirm whether Cisco Prime Collaboration Assurance is deployed and identify the exact version.
- Treat 11.0.0, 11.1.0, and 11.5.0 as affected based on the NVD CPE list; also review Cisco's advisory linked from the NVD record.
- Restrict access to the application to trusted administrative networks and limit the number of users who can reach file download features.
- Apply Cisco's remediation guidance or vendor updates referenced by the advisory when available.
- Review logs for unusual or high-volume file download activity by authenticated accounts.
- If immediate remediation is not possible, reduce exposure by tightening authentication, authorization, and network access controls around the application.
Evidence notes
All statements above are based on the supplied NVD record and its Cisco vendor-advisory reference. The NVD description states that an authenticated remote attacker could download restricted system files. NVD lists vulnerable CPEs for Cisco Prime Collaboration Assurance 11.0.0, 11.1.0, and 11.5.0 and assigns CVSS 3.0 vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Official resources
- CVE-2017-3843 CVE record (CVE.org)
- CVE-2017-3843 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference: [email protected] - Vendor Advisory
Published in the CVE record on 2017-02-22. NVD shows the record was modified on 2026-05-13.