CVE-2024-0643: Unrestricted upload of dangerous file types in C21 Live Encoder and Live Mosaic

10.0 CVSS

Description

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload files with different extensions without any restrictions, resulting in a full system compromise.

Classification

CVE ID: CVE-2024-0643

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem Types

CWE-434 Unrestricted Upload of File with Dangerous Type

Affected Products

Vendor: Cires21

Product: C21 Live Encoder and Live Mosaic

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.32% (probability of being exploited)

EPSS Percentile: 54.47% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-06 (date on which this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0643
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products

Timeline