Vulnerability Description
Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ws-C2940-8Tf-S Firmware | < 12.2\(50\)sy |
| Cisco | Ws-C2940-8Tf-S | - |
| Cisco | Ws-C2940-8Tt-S Firmware | < 12.2\(50\)sy |
| Cisco | Ws-C2940-8Tt-S | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN94363766/index.htmlThird Party Advisory
- https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switcVendor Advisory
- https://jvn.jp/en/jp/JVN94363766/index.htmlThird Party Advisory
- https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switcVendor Advisory
FAQ
What is CVE-2022-31734?
CVE-2022-31734 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the w...
How severe is CVE-2022-31734?
CVE-2022-31734 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31734?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ws-C2940-8Tf-S Firmware, Cisco Ws-C2940-8Tf-S, Cisco Ws-C2940-8Tt-S Firmware, Cisco Ws-C2940-8Tt-S.