Perforce Helix Core Exposes Code Management System Vulnerabilities

Microsoft researchers have analyzed the Perforce Helix Core server, a widely used source code management tool, and identified four vulnerabilities in it. The product is used in various sectors, including the gaming industry, government institutions, the military, and technology.

One of the vulnerabilities, CVE-2023-45849, is rated critical, the highest CVSS severity level, with a score of 9.8. It allows attackers to execute arbitrary code with the privileges of the LocalSystem account, which poses significant risks such as installed backdoors, unauthorized access to confidential data, and complete control over the compromised system.

The other three vulnerabilities, each with a CVSS score of 7.5, are denial-of-service (DoS) issues. Exploiting them can cause server malfunctions, potentially resulting in substantial financial losses, particularly in large-scale deployments.

A brief description of the consequences of the vulnerabilities:

  • CVE-2023-5759 (CVSS 7.5): DoS attack without authentication, using the remote RPC protocol.

  • CVE-2023-45849 (CVSS 9.8): Execution of arbitrary code with LocalSystem rights without authentication.

  • CVE-2023-35767 (CVSS 7.5): DoS attack without authentication through a remote command.

  • CVE-2023-45319 (CVSS 7.5): Similarly, a DoS attack through a remote command.

Microsoft strongly advises companies to take the following actions:

  • Update Perforce Helix Core to version 2023.1/2513900, which was released on November 7, 2023.

  • Regularly update software and apply all available security patches.

  • Limit access through VPN and maintain a list of permitted IP addresses to enhance control.

  • Use TLS certificates combined with proxy servers to verify user authenticity.

  • Configure monitoring systems and incident notification for information security and IT specialists.

  • Consider network segmentation to limit the consequences of possible breaches.
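To act on the first recommendation across many servers, the check below classifies captured `p4 info` output against the fixed build 2023.1/2513900. It is an added example, not code from Microsoft or Perforce; the host names and every sample version other than the fixed build are constructed, and release lines newer than 2023.1 are flagged for manual review because the article names no fixed build for them.

```python
import re

# Fixed build named in the article: release 2023.1, change 2513900.
FIXED_RELEASE = (2023, 1)
FIXED_CHANGE = 2513900

# "Server version:" line as printed by `p4 info`:
#   Server version: P4D/<platform>/<year>.<minor>/<change> (<build date>)
VERSION_RE = re.compile(
    r"^Server version:\s*P4D/[^/\s]+/"
    r"(?P<year>\d{4})\.(?P<minor>\d+)(?:\.[\w.-]+)?/(?P<change>\d+)",
    re.MULTILINE,
)

def classify(p4_info_output):
    """Return 'ok', 'update' or 'review' for one server's `p4 info` text."""
    m = VERSION_RE.search(p4_info_output)
    if m is None:
        return "review"  # no parsable version line; check this host by hand
    release = (int(m["year"]), int(m["minor"]))
    if release < FIXED_RELEASE:
        return "update"  # older release line, below the advised build
    if release == FIXED_RELEASE:
        return "ok" if int(m["change"]) >= FIXED_CHANGE else "update"
    # Newer release line: the article names no fixed build for it, so do not guess.
    return "review"

# Constructed sample inventory (hypothetical hosts, change numbers and dates,
# except the fixed build itself): host -> captured `p4 info` output.
SAMPLE_INVENTORY = {
    "p4-prod-01": "Server address: p4-prod-01:1666\n"
                  "Server version: P4D/LINUX26X86_64/2023.1/2513900 (2023/11/07)\n",
    "p4-prod-02": "Server version: P4D/NTX64/2023.1/2400000 (2023/06/01)\n",
    "p4-legacy": "Server version: P4D/NTX64/2021.2/2200000 (2021/11/01)\n",
    "p4-lab": "Server version: P4D/LINUX26X86_64/2023.2/2600000 (2023/12/01)\n",
    "p4-edge": "Connect to server failed; check $P4PORT.\n",
}

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(text) for host, text in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```
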

It is important to note that although these vulnerabilities pose a high level of danger, Microsoft has not recorded any real-world cases of their exploitation. Nevertheless, it is crucial to
