Reflected Cross-Site Scripting Vulnerability in Cisco Catalyst 2940 Series Switches
CVE-2022-31734

6.1MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Catalyst 2940 Series Switches
Vendor
CVE Published:
20 June 2022

What is CVE-2022-31734?

Cisco Catalyst 2940 Series Switches are affected by a reflected cross-site scripting vulnerability that occurs during error page generation. This issue allows an attacker to inject arbitrary scripts, which could be executed in the web browser of users accessing the affected product. The vulnerability impacts any firmware version prior to 12.2(50)SY, and it's important to note that these switches were retired in January 2015, making them especially vulnerable to exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Catalyst 2940 Series Switches firmware versions prior to 12.2(50)SY

References

https://www.cisco.com/c/en/us/obsolete/switches/cisco-cat...
x_refsource_MISC
https://jvn.jp/en/jp/JVN94363766/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.