Microchip TimeProvider 4100 Vulnerable to XSS Attacks
CVE-2024-43687

7.7 HIGH

Key Information:

Vendor: Microchip
CVE Published: 4 October 2024

What is CVE-2024-43687?

Microchip's TimeProvider 4100 improperly neutralizes user input during web page generation, which can lead to Cross-Site Scripting (XSS) attacks. The vulnerability impacts various versions of TimeProvider 4100, specifically those ranging from version 1.0 up to 2.4.7. If it is exploited, attackers can execute malicious scripts within the context of the affected application, posing significant security risks to users. Organizations using this product should apply the necessary security measures and updates to mitigate potential threats.

Affected Version(s)

TimeProvider 4100 1.0 < 2.4.7

TimeProvider 4100 2.4.16 < 2.5

CVSS V4

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published