{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43683", "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "state": "PUBLISHED", "assignerShortName": "Microchip", "dateReserved": "2024-08-14T15:39:44.265Z", "datePublished": "2024-10-04T19:56:15.872Z", "dateUpdated": "2024-11-01T15:59:19.229Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "TimeProvider 4100", "vendor": "Microchip", "versions": [{"lessThan": "2.4.7", "status": "affected", "version": "1.0", "versionType": "firmware"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Armando Huesca Prida"}, {"lang": "en", "type": "finder", "value": "Marco Negro"}, {"lang": "en", "type": "finder", "value": "Antonio Carriero"}, {"lang": "en", "type": "finder", "value": "Vito Pistillo"}, {"lang": "en", "type": "finder", "value": "Davide Renna"}, {"lang": "en", "type": "finder", "value": "Manuel Leone"}, {"lang": "en", "type": "finder", "value": "Massimiliano Brolli"}, {"lang": "en", "type": "reporter", "value": "TIM Security Red Team Research"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.<p>This issue affects TimeProvider 4100: from 1.0.</p>"}], "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0."}], "impacts": [{"capecId": "CAPEC-86", "descriptions": [{"lang": "en", "value": "CAPEC-86 XSS Through HTTP Headers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "shortName": "Microchip", "dateUpdated": "2024-11-01T15:59:19.229Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-improper-verification-of-host-header"}, {"tags": ["third-party-advisory"], "url": "https://www.gruppotim.it/it/footer/red-team.html"}], "source": {"advisory": "PSIRT-88", "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-27T11:03:00.000Z", "value": "Reported"}], "title": "Improper verification of the Host header in TimeProvider 4100", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.<br>"}], "value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "microchip", "product": "timeprovider_4100_firmware", "cpes": ["cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.4.7", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T21:24:56.897223Z", "id": "CVE-2024-43683", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T22:15:29.701Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43683", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-04T21:24:56.897223Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*"], "vendor": "microchip", "product": "timeprovider_4100_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.4.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T21:28:23.370Z"}}], "cna": {"title": "Improper verification of the Host header in TimeProvider 4100", "source": {"advisory": "PSIRT-88", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Armando Huesca Prida"}, {"lang": "en", "type": "finder", "value": "Marco Negro"}, {"lang": "en", "type": "finder", "value": "Antonio Carriero"}, {"lang": "en", "type": "finder", "value": "Vito Pistillo"}, {"lang": "en", "type": "finder", "value": "Davide Renna"}, {"lang": "en", "type": "finder", "value": "Manuel Leone"}, {"lang": "en", "type": "finder", "value": "Massimiliano Brolli"}, {"lang": "en", "type": "reporter", "value": "TIM Security Red Team Research"}], "impacts": [{"capecId": "CAPEC-86", "descriptions": [{"lang": "en", "value": "CAPEC-86 XSS Through HTTP Headers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Microchip", "product": "TimeProvider 4100", "versions": [{"status": "affected", "version": "1.0", "lessThan": "2.4.7", "versionType": "firmware"}], "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2024-06-27T11:03:00.000Z", "value": "Reported"}], "references": [{"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-improper-verification-of-host-header", "tags": ["vendor-advisory"]}, {"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["third-party-advisory"]}], "workarounds": [{"lang": "en", "value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.", "supportingMedia": [{"type": "text/html", "value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.", "supportingMedia": [{"type": "text/html", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.<p>This issue affects TimeProvider 4100: from 1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "shortName": "Microchip", "dateUpdated": "2024-11-01T15:59:19.229Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43683", "state": "PUBLISHED", "dateUpdated": "2024-11-01T15:59:19.229Z", "dateReserved": "2024-08-14T15:39:44.265Z", "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "datePublished": "2024-10-04T19:56:15.872Z", "assignerShortName": "Microchip"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6C4C166-7F0D-427E-87C6-D8AEF680CA42", "versionEndExcluding": "2.4.7", "versionStartIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:microchip:timeprovider_4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D36DAD3-0804-42B0-A47F-6895177560EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0."}, {"lang": "es", "value": "La vulnerabilidad de redirecci\u00f3n de URL a un sitio no confiable ('Redirecci\u00f3n abierta') en Microchip TimeProvider 4100 permite XSS a trav\u00e9s de encabezados HTTP. Este problema afecta a TimeProvider 4100: desde 1.0."}], "id": "CVE-2024-43683", "lastModified": "2024-11-01T16:15:08.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "type": "Secondary"}]}, "published": "2024-10-04T20:15:06.513", "references": [{"source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "tags": ["Third Party Advisory"], "url": "https://www.gruppotim.it/it/footer/red-team.html"}, {"source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-improper-verification-of-host-header"}], "sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5", "type": "Secondary"}]}

{}

{}