CVE-2024-43683 HIGH

CVE-2024-43683: Improper verification of the Host header in TimeProvider 4100

Vendor Microchip

Product TimeProvider 4100

Weakness CWE-601 · Open redirect

Published October 4, 2024

Last update November 1, 2024

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.

Key dates

02Disclosure timeline

October 4, 2024 CVE published

November 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-43683 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

04Related CVE

CVE-2023-22264 AEM URL Redirection to Untrusted Site Security feature bypass CVE-2023-6812 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css CVE-2025-30953 WordPress WP Gravity Forms Salesforce plugin <= 1.4.7 - Open Redirection Vulnerability CVE-2023-22265 AEM URL Redirection to Untrusted Site Security feature bypass CVE-2026-25651 client-certificate-auth has an Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect