PT-2024-30612 · Microchip · Timeprovider 4100
Antonio Carriero +6 · Published 2024-10-04 · Updated 2025-09-29 · CVE-2024-43685
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microchip TimeProvider 4100 versions 1.0 through 2.4.7
Description
The issue is related to improper authentication in the login modules of Microchip TimeProvider 4100, which allows session hijacking.
Recommendations
For versions 1.0 through 2.4.7, update to version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the login modules to minimize the risk of session hijacking.
Fix
Improper Authentication
Insufficient Session Expiration
Related Identifiers
Affected Products
Timeprovider 4100