CVE-2017-3839

medium

Cisco

CVSS v3 Base Score

4.3

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.4%

Exploitation probability in 30 days

Top 39% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

Low

Integrity

None

Availability

None

Published: February 22, 2017 (3368 days ago)

Last Modified: May 13, 2026

Vendor: Cisco

Source: NVD

Description

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5).

CWE

CWE-611

Affected Products

cisco secure access control system

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 tools.cisco.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2017-3839

Vulnerability Report

Description

CWE

Affected Products

References