
WARNING: CRITICAL VULNERABILITY IN PERFORCE HELIX CORE SERVER

Reference: Advisory #2023-151
Version: 1.0
Affected software: Perforce Helix Core Server
Type: Remote Code Execution
CVE/CVSS:
CVE-2023-45849: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-5759: CVSS 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2023-35767: CVSS 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2023-45319: CVSS 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Sources

Risks

The 4 flaws discovered by Microsoft mainly involve denial of service (DoS) issues. The most severe vulnerability allows arbitrary remote code execution as LocalSystem by unauthenticated attackers.

Description

Microsoft fixed 4 security issues in Perforce Helix Core Server, used in gaming and by government, military, tech, and retail groups. These issues could be exploited remotely without needing a login.
 
Perforce Server users should update to version 2023.1/2513900 from Perforce's website. The worst issue, scored 9.8 (10.0 by Microsoft) on the CVSS scale, lets attackers remotely run code with full system rights.
 
Attackers could misuse this to add harmful code to software, steal secrets, and attack key business systems. No current misuse has been found, but Microsoft warns that the main issue could let attackers take over unpatched systems and their networks.

Recommended actions

The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyze system and network logs for any suspicious activity.
 
Patch
The Centre for Cyber Security Belgium strongly recommends installing updates for vulnerable software with the highest priority, after thorough testing.
The latest version of the involved product can be found on their website: https://www.perforce.com/downloads/helix-core-p4d
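
An added example, not part of the CCB advisory or of Perforce's tooling: a Python check that classifies the `Server version:` line from `p4 info` output against the 2023.1/2513900 build named above. The host names, sample outputs and every build number other than 2513900 are constructed; servers on older release lines are reported separately because this advisory names only the 2023.1 build.

```python
import re

# Build named in the advisory: release 2023.1, changelist 2513900.
FIXED_RELEASE = (2023, 1)
FIXED_CHANGE = 2513900

# `p4 info` prints a line such as:
#   Server version: P4D/LINUX26X86_64/2023.1/2513900 (2023/11/07)
VERSION_RE = re.compile(
    r"^Server version:\s*P4D/(?P<platform>[^/\s]+)/"
    r"(?P<year>\d{4})\.(?P<minor>\d+)/(?P<change>\d+)",
    re.MULTILINE,
)


def classify(p4_info_text):
    """Return 'at-or-above', 'below', 'older-release-line' or 'unknown'."""
    m = VERSION_RE.search(p4_info_text)
    if m is None:
        return "unknown"  # no parsable version line: inspect by hand
    release = (int(m["year"]), int(m["minor"]))
    change = int(m["change"])
    if release > FIXED_RELEASE:
        return "at-or-above"
    if release == FIXED_RELEASE:
        return "at-or-above" if change >= FIXED_CHANGE else "below"
    # The advisory names no build for earlier release lines.
    return "older-release-line"


def audit(inventory):
    """Map each host to its classification; input is host -> `p4 info` text."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and captured output).
SAMPLE = {
    "p4-build-01": "User name: svc\nServer version: P4D/NTX64/2023.1/2468153 (2023/08/01)\n",
    "p4-build-02": "Server version: P4D/LINUX26X86_64/2023.1/2513900 (2023/11/07)\n",
    "p4-legacy": "Server version: P4D/LINUX26X86_64/2021.2/2201121 (2021/11/01)\n",
    "p4-broken": "Connect to server failed; check $P4PORT.\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `below`, `older-release-line` or `unknown` are the ones to prioritise for patching or manual review.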
 
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and to ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/

https://www.perforce.com/downloads/helix-core-p4d