CVE-2024-43685 (GCVE-0-2024-43685)
Vulnerability from cvelistv5 – Published: 2024-10-04 19:48 – Updated: 2025-08-29 20:21
VLAI?
Summary
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Affected:
1.0 , < 2.4.7
(firmware)
|
Credits
Armando Huesca Prida
Marco Negro
Antonio Carriero
Vito Pistillo
Davide Renna
Manuel Leone
Massimiliano Brolli
TIM Security Red Team Research
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "timeprovider_4100_firmware",
"vendor": "microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:24:58.808883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:15:46.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"login"
],
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0 before 2.4.7.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:21:47.659Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-session-token-fixation"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"source": {
"advisory": "PSIRT-86",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "Session token fixation in TimeProvider 4100",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.\n\n\u003cbr\u003e"
}
],
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-43685",
"datePublished": "2024-10-04T19:48:53.595Z",
"dateReserved": "2024-08-14T15:39:44.265Z",
"dateUpdated": "2025-08-29T20:21:47.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0\", \"versionEndExcluding\": \"2.4.7\", \"matchCriteriaId\": \"A6C4C166-7F0D-427E-87C6-D8AEF680CA42\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:microchip:timeprovider_4100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D36DAD3-0804-42B0-A47F-6895177560EE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de autenticaci\\u00f3n incorrecta en Microchip TimeProvider 4100 (m\\u00f3dulos de inicio de sesi\\u00f3n) permite el secuestro de sesi\\u00f3n. Este problema afecta a TimeProvider 4100: desde la versi\\u00f3n 1.0 hasta la 2.4.7.\"}]",
"id": "CVE-2024-43685",
"lastModified": "2024-10-17T15:17:20.217",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Amber\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"PASSIVE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"USER\", \"valueDensity\": \"CONCENTRATED\", \"vulnerabilityResponseEffort\": \"MODERATE\", \"providerUrgency\": \"AMBER\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-10-04T20:15:06.830",
"references": "[{\"url\": \"https://www.gruppotim.it/it/footer/red-team.html\", \"source\": \"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-session-token-fixation\", \"source\": \"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43685\",\"sourceIdentifier\":\"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\",\"published\":\"2024-10-04T20:15:06.830\",\"lastModified\":\"2025-09-29T21:40:36.973\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de autenticaci\u00f3n incorrecta en Microchip TimeProvider 4100 (m\u00f3dulos de inicio de sesi\u00f3n) permite el secuestro de sesi\u00f3n. Este problema afecta a TimeProvider 4100: desde la versi\u00f3n 1.0 hasta la 2.4.7.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Amber\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"2.4.7\",\"matchCriteriaId\":\"A6C4C166-7F0D-427E-87C6-D8AEF680CA42\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microchip:timeprovider_4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D36DAD3-0804-42B0-A47F-6895177560EE\"}]}]}],\"references\":[{\"url\":\"https://www.gruppotim.it/it/footer/red-team.html\",\"source\":\"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-session-token-fixation\",\"source\":\"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43685\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-04T21:24:58.808883Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"microchip\", \"product\": \"timeprovider_4100_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.4.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-04T21:28:30.623Z\"}}], \"cna\": {\"title\": \"Session token fixation in TimeProvider 4100\", \"source\": {\"advisory\": \"PSIRT-86\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Armando Huesca Prida\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Marco Negro\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Antonio Carriero\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Vito Pistillo\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Davide Renna\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Manuel Leone\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Massimiliano Brolli\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"TIM Security Red Team Research\"}], \"impacts\": [{\"capecId\": \"CAPEC-593\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-593 Session Hijacking\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microchip\", \"modules\": [\"login\"], \"product\": \"TimeProvider 4100\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"2.4.7\", \"versionType\": \"firmware\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-06-27T11:03:00.000Z\", \"value\": \"Reported\"}], \"references\": [{\"url\": \"https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-session-token-fixation\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.gruppotim.it/it/footer/red-team.html\", \"tags\": [\"third-party-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"It is important to note that the web interface is only available on a \\nphysically separate management port and these vulnerabilities have no \\nimpact on the timing service ports. For added security, users have the \\noption to disable the web interface, further protecting the device from \\npotential web-based exploitations.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"It is important to note that the web interface is only available on a \\nphysically separate management port and these vulnerabilities have no \\nimpact on the timing service ports. For added security, users have the \\noption to disable the web interface, further protecting the device from \\npotential web-based exploitations.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0 before 2.4.7.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"CWE-613 Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\", \"shortName\": \"Microchip\", \"dateUpdated\": \"2025-08-29T20:21:47.659Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-43685\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-29T20:21:47.659Z\", \"dateReserved\": \"2024-08-14T15:39:44.265Z\", \"assignerOrgId\": \"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5\", \"datePublished\": \"2024-10-04T19:48:53.595Z\", \"assignerShortName\": \"Microchip\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…