PT-2022-3792 · Cisco · Cisco Catalyst 2940 Series Switches

Imaoka Ryo · Published 2022-06-02 · Updated 2024-08-03 · CVE-2022-31734

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Catalyst 2940 Series Switches versions prior to 12.2(50)SY

Description

The issue exists due to inadequate protection of the web page structure, allowing for a reflected cross-site scripting attack. This can enable a remote attacker to execute an arbitrary script on the user's web browser. The affected devices have been retired since January 2015.

Recommendations

For versions prior to 12.2(50)SY, update to version 12.2(50)SY or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface of the Cisco Catalyst 2940 Series Switches to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-04586
CVE-2022-31734

Affected Products

Cisco Catalyst 2940 Series Switches