Microchip TimeProvider 4100 vulnerable to CSRF and XSS Attacks
CVE-2024-43684
8.8 HIGH
What is CVE-2024-43684?
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Microchip TimeProvider 4100. The flaw could enable attackers to execute unauthorized commands on behalf of legitimate users, compromising the integrity of the system. Affected versions of the TimeProvider 4100 start from 1.0. Exploitation of this vulnerability may additionally lead to Cross-Site Scripting (XSS), posing further risks. Users of this product should be aware of the potential implications and take the necessary precautions to protect their systems.
Affected Version(s)
TimeProvider 4100 1.0 <= 2.4.7
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Credit
Armando Huesca Prida
Marco Negro
Antonio Carriero
Vito Pistillo
Davide Renna
Manuel Leone
Massimiliano Brolli
TIM Security Red Team Research