CVE-2024-0642 - Vulnerability Details - OpenCVE

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00381.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Cires21	Live Encoder

Configuration 1 [-]

cpe:2.3:a:cires21:live_encoder:5.3:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

The vulnerability has been resolved by the Cires21 team in the latest software version of the affected products, which was released in the last week of November.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products

History

Mon, 02 Jun 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-01-17T13:43:28.433Z

Updated: 2025-06-02T15:05:45.346Z

Reserved: 2024-01-17T10:35:32.669Z

Link: CVE-2024-0642

Vulnrichment

Updated: 2024-08-01T18:11:35.621Z

NVD

Status : Modified

Published: 2024-01-17T14:15:43.470

Modified: 2024-11-21T08:47:03.273

Link: CVE-2024-0642

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0642", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-01-17T10:35:32.669Z", "datePublished": "2024-01-17T13:43:28.433Z", "dateUpdated": "2025-06-02T15:05:45.346Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "C21 Live Encoder and Live Mosaic", "vendor": "Cires21", "versions": [{"status": "affected", "version": "5.3 "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Konrad Kowal Karp"}], "datePublic": "2024-01-17T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management."}], "value": "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-01-17T13:43:28.433Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability has been resolved by the Cires21 team in the latest software version of the affected products, which was released in the last week of November."}], "value": "The vulnerability has been resolved by the Cires21 team in the latest software version of the affected products, which was released in the last week of November."}], "source": {"discovery": "UNKNOWN"}, "title": "Inadequate access control in C21 Live Encoder and Live Mosaic", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.621Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T15:41:06.804590Z", "id": "CVE-2024-0642", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-02T15:05:45.346Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.621Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0642", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-08T15:41:06.804590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T15:41:08.298Z"}}], "cna": {"title": "Inadequate access control in C21 Live Encoder and Live Mosaic", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Konrad Kowal Karp"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cires21", "product": "C21 Live Encoder and Live Mosaic", "versions": [{"status": "affected", "version": "5.3 "}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vulnerability has been resolved by the Cires21 team in the latest software version of the affected products, which was released in the last week of November.", "supportingMedia": [{"type": "text/html", "value": "The vulnerability has been resolved by the Cires21 team in the latest software version of the affected products, which was released in the last week of November.", "base64": false}]}], "datePublic": "2024-01-17T11:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.", "supportingMedia": [{"type": "text/html", "value": "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-01-17T13:43:28.433Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0642", "state": "PUBLISHED", "dateUpdated": "2025-06-02T15:05:45.346Z", "dateReserved": "2024-01-17T10:35:32.669Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2024-01-17T13:43:28.433Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cires21:live_encoder:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2C78451-CFDE-49B0-994A-08E33D8B5A04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management."}, {"lang": "es", "value": "Control de acceso inadecuado en el producto C21 Live Encoder y Live Mosaic, versi\u00f3n 5.3. Esta vulnerabilidad permite que un atacante remoto acceda a la aplicaci\u00f3n como usuario administrador a trav\u00e9s del endpoint de la aplicaci\u00f3n, debido a la falta de una gesti\u00f3n de credenciales adecuada."}], "id": "CVE-2024-0642", "lastModified": "2024-11-21T08:47:03.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-17T14:15:43.470", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}