Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43684

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.

Published

2024-10-04T20:15:06.710

Last Modified

2024-11-01T17:15:17.127

Status

Modified

Source

dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-352
Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microchip	timeprovider_4100_firmware	< 2.4.7	Yes
Hardware	microchip	timeprovider_4100	-	No

References

https://www.gruppotim.it/it/footer/red-team.html Third Party Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)
https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-cross-site-request-forgery (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)