CVE-2022-31734

** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:ws-c2940-8tf-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ws-c2940-8tf-s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:ws-c2940-8tt-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ws-c2940-8tt-s:-:*:*:*:*:*:*:*

History

27 Jun 2022, 18:43

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
CWE CWE-79
First Time Cisco ws-c2940-8tf-s
Cisco ws-c2940-8tt-s
Cisco ws-c2940-8tf-s Firmware
Cisco ws-c2940-8tt-s Firmware
Cisco
References (MISC) https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html - (MISC) https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html - Vendor Advisory
References (MISC) https://jvn.jp/en/jp/JVN94363766/index.html - (MISC) https://jvn.jp/en/jp/JVN94363766/index.html - Third Party Advisory
CPE cpe:2.3:h:cisco:ws-c2940-8tt-s:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ws-c2940-8tf-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ws-c2940-8tt-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ws-c2940-8tf-s:-:*:*:*:*:*:*:*

20 Jun 2022, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-20 10:15

Updated : 2022-06-27 18:43


NVD link : CVE-2022-31734

Mitre link : CVE-2022-31734


JSON object : View

Products Affected

cisco

  • ws-c2940-8tf-s_firmware
  • ws-c2940-8tf-s
  • ws-c2940-8tt-s
  • ws-c2940-8tt-s_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')