Microchip TimeProvider 4100 vulnerable to CSRF and XSS Attacks
CVE-2024-43684

8.7 HIGH

Key Information:

Vendor: Microchip
CVE Published: 4 October 2024

What is CVE-2024-43684?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Microchip TimeProvider 4100. The flaw could enable attackers to execute unauthorized commands on behalf of legitimate users, compromising the integrity of the system. Affected versions of the TimeProvider 4100 start from 1.0. Exploitation of this vulnerability may also lead to Cross-Site Scripting (XSS), posing further risks. Users of this product should be aware of the potential implications and take the necessary precautions to protect their systems.

Affected Version(s)

TimeProvider 4100 1.0 <= 2.4.7

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

Credit

Armando Huesca Prida
Marco Negro
Antonio Carriero
Vito Pistillo
Davide Renna
Manuel Leone
Massimiliano Brolli
TIM Security Red Team Research