CVE-2024-0643

10.0 CRITICAL

📋 TL;DR

CVE-2024-0643 is a critical unrestricted file upload vulnerability in C21 Live Encoder and Live Mosaic version 5.3 that allows remote attackers to upload dangerous file types without restrictions. This can lead to complete system compromise through remote code execution. Organizations using these specific Cires21 products are affected.

💻 Affected Systems

Products:
  • C21 Live Encoder
  • C21 Live Mosaic
Versions: 5.3
Operating Systems: Not specified - likely cross-platform
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 5.3 is confirmed affected. Other versions may be vulnerable but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with complete administrative control, data theft, ransomware deployment, and lateral movement across the network.

🟠 Likely Case

Remote code execution leading to web shell installation, data exfiltration, and system takeover.

🟢 If Mitigated

Attack blocked at perimeter with no successful exploitation due to proper file upload validation and network segmentation.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication from the internet.
🏢 Internal Only: HIGH - Even internally, this provides a critical attack vector for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unrestricted file upload vulnerabilities are trivial to exploit with basic web penetration testing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references - check vendor advisory

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products

Restart Required: Yes

Instructions:

1. Contact Cires21 for patch information
2. Apply vendor-provided update
3. Restart affected services
4. Verify fix implementation

🔧 Temporary Workarounds

Web Application Firewall Rules

all

Implement WAF rules to block file uploads with dangerous extensions

WAF-specific configuration required

Network Segmentation

all

Isolate affected systems from internet and restrict internal access

Firewall rules to block external access to affected ports

🧯 If You Can't Patch

  • Immediately isolate affected systems from internet and restrict to necessary internal access only
  • Implement strict file upload validation at reverse proxy or application layer

🔍 How to Verify

Check if Vulnerable:

Check product version in web interface or configuration files. If version is 5.3, assume vulnerable.

Check Version:

Check web interface or product documentation for version information

Verify Fix Applied:

Test file upload functionality with dangerous extensions (e.g., .php, .jsp, .exe) - should be rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads
  • Files with dangerous extensions in upload directories
  • Web shell access patterns

Network Indicators:

  • POST requests to upload endpoints with dangerous file types
  • Unusual outbound connections from affected systems

SIEM Query:

source="web_server" AND (uri="*upload*" OR uri="*file*" OR method="POST") AND (extension=".php" OR extension=".jsp" OR extension=".exe" OR extension=".asp")
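
The same indicators applied to raw access logs, for sites where no `extension` field has been extracted. This is an added example, not vendor or product code; it assumes common/combined log format, and the function names, paths and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

DANGEROUS = {".php", ".jsp", ".exe", ".asp"}   # the extensions in the query above
UPLOAD_HINTS = ("upload", "file")              # the same URI substrings
# Common/combined log format: ip ident user [time] "METHOD uri proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def dangerous_ext(uri):
    """Return the first dangerous extension in the decoded path, else None."""
    path = unquote(urlsplit(uri).path).lower()
    for segment in path.split("/"):
        # Test every dotted part, so a.jsp.jpg and x.php/extra are not missed.
        for part in segment.split(".")[1:]:
            if "." + part.strip() in DANGEROUS:
                return "." + part.strip()
    return None

def scan(lines):
    """Return (client, method, uri, ext, verdict) for each suspicious request."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line
        client, method, uri, status = m.groups()
        ext = dangerous_ext(uri)
        if ext and any(h in uri.lower() for h in UPLOAD_HINTS):
            # 2xx means the server handled the file: treat as possible web shell.
            verdict = "served" if status.startswith("2") else "rejected"
            hits.append((client, method, uri, ext, verdict))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "POST /upload/form HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jan/2024:10:02:11 +0000] "POST /uploads/Shell.PHP HTTP/1.1" 200 31',
    '198.51.100.9 - - [10/Jan/2024:10:02:15 +0000] "GET /files/a.jsp%2Ejpg HTTP/1.1" 403 0',
    '203.0.113.7 - - [10/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Jan/2024:10:03:05 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Access logs record the request line, not the multipart body, so the uploaded filename itself is usually not visible; the later request for a script under the upload path is the more reliable signal. Pair this with a periodic check of the upload directories on disk.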
