CVE-2024-43683

EPSS 0.21%
Veröffentlicht 04.10.2024 20:15:06
Zuletzt bearbeitet 01.11.2024 16:15:08
Quelle dc3f6da9-85b5-4a73-84a2-2ec90b
CVE-Watchlists
Login
Unerledigt
Login

Improper verification of the Host header in TimeProvider 4100

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microchip ≫ Timeprovider 4100 Firmware Version >= 1.0 < 2.4.7

Microchip ≫ Timeprovider 4100 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.436

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5	8.7	0	0	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Amber

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://www.gruppotim.it/it/footer/red-team.html

Third Party Advisory

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-improper-verification-of-host-header

https://nvd.nist.gov/vuln/detail/CVE-2024-43683

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43683

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43683

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-43683