CVE-2024-0643

Published: Jan 17, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.

Affected (1)

Products: Cires21: Live Encoder

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cires21 Live Encoder	Version 5.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products

Source: cve-coordination@incibe.es

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.