Improper Authentication Vulnerability Allows Session Hijacking in TimeProvider 4100
CVE-2024-43685

9.8CRITICAL

Key Information:

Vendor

Microchip

Status
Timeprovider 4100 Firmware
Vendor
CVE Published:
4 October 2024

What is CVE-2024-43685?

An improper authentication vulnerability exists in Microchip TimeProvider 4100 specifically in the login modules, which can be exploited to facilitate session hijacking. This flaw impacts any version from 1.0 to before version 2.4.7, allowing attackers to potentially leverage active sessions without proper authorization. Users of the TimeProvider 4100 are encouraged to apply necessary patches and follow security best practices to mitigate these risks.

References

https://www.microchip.com/en-us/solutions/technologies/em...
https://www.gruppotim.it/it/footer/red-team.html

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-43685 : Improper Authentication Vulnerability Allows Session Hijacking in TimeProvider 4100