Search a vulnerability

All the vulnerabilites related to Cisco Systems, Inc. - Cisco Catalyst 2940 Series Switches

cve-2022-31734

Vulnerability from cvelistv5

Published

2022-06-20 09:50

Modified

2024-08-03 07:26

Severity ?

Summary

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015

References

▼	URL	Tags
	https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html	x_refsource_MISC
	https://jvn.jp/en/jp/JVN94363766/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Cisco Systems, Inc.	Cisco Catalyst 2940 Series Switches

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:01.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN94363766/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Catalyst 2940 Series Switches",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to 12.2(50)SY"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-20T09:50:09",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN94363766/index.html"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-31734",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Catalyst 2940 Series Switches",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware versions prior to 12.2(50)SY"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html",
              "refsource": "MISC",
              "url": "https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN94363766/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN94363766/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-31734",
    "datePublished": "2022-06-20T09:50:09",
    "dateReserved": "2022-06-02T00:00:00",
    "dateUpdated": "2024-08-03T07:26:01.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}