What Organizations Need to Know About CVE-2023-45849 on Perforce Helix Core Server
Four critical vulnerabilities have been discovered in Perforce Helix Core Server, a widely used source code management platform in industries such as gaming, government, and technology. Security researchers at Microsoft uncovered the vulnerabilities and promptly notified Perforce.
The most serious, CVE-2023-45849, is a Remote Code Execution (RCE) vulnerability with a CVSS score of 10.0 that allows unauthenticated attackers to take control of the server with LocalSystem privileges. A flaw of this severity could lead to backdoors being implanted, intellectual property being stolen, and enterprise infrastructure being compromised.
The other three vulnerabilities, CVE-2023-5759, CVE-2023-35767, and CVE-2023-45319, are less severe but still concerning: each carries a CVSS score of 7.5 and could be used to cause Denial of Service (DoS), disrupting critical systems. Microsoft's research identified over 1,000 Perforce Server instances exposed to the internet, a sobering indication of how widespread the risk is.
In response to these findings, Perforce has released an updated version of the server (2023.1/2513900) that fixes these vulnerabilities. Customers are urged to update to this version as the essential first step in defending against exploitation.
Microsoft also recommends a defense-in-depth strategy: regular monitoring and prompt patch application, using VPNs and IP allow-lists to restrict access, issuing TLS certificates, and network segmentation. Together these measures reduce the likelihood of exploitation and improve the resilience of the infrastructure against evolving threats.
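As an added example (not part of the original article or of Perforce's tooling), the following script supports the "monitor and patch" recommendation by checking collected `p4 info` output against the patched build named above. It assumes the `Server version: P4D/<platform>/<release>/<build>` line format that `p4 info` prints, and that Perforce build numbers increase monotonically across releases; the inventory data is constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Patched build from the advisory: release 2023.1, build 2513900.
PATCHED_RELEASE = (2023, 1)
PATCHED_BUILD = 2513900

# Assumed `p4 info` line format, e.g.
#   Server version: P4D/LINUX26X86_64/2023.1/2513900 (2023/09/23)
VERSION_RE = re.compile(
    r"Server version:\s*P4D/(?P<platform>[^/]+)/(?P<major>\d{4})\.(?P<minor>\d+)/(?P<build>\d+)"
)

@dataclass
class ServerCheck:
    host: str
    release: Optional[Tuple[int, int]]
    build: Optional[int]
    status: str  # "patched", "vulnerable" or "unknown"

def parse_server_version(info_output: str):
    """Extract (release, build) from `p4 info` output; (None, None) if not found."""
    m = VERSION_RE.search(info_output)
    if not m:
        return None, None
    return (int(m.group("major")), int(m.group("minor"))), int(m.group("build"))

def assess(host: str, info_output: str) -> ServerCheck:
    """Classify one server. Assumption: any build at or above PATCHED_BUILD on
    release 2023.1 or later carries the fix; anything else is reported as
    vulnerable so that older release lines get reviewed rather than ignored."""
    release, build = parse_server_version(info_output)
    if release is None:
        return ServerCheck(host, None, None, "unknown")
    patched = release >= PATCHED_RELEASE and build >= PATCHED_BUILD
    return ServerCheck(host, release, build, "patched" if patched else "vulnerable")

def hosts_needing_action(inventory: Dict[str, str]) -> List[str]:
    """Return hosts that are not confirmed patched (vulnerable or unparsable)."""
    return sorted(h for h, out in inventory.items() if assess(h, out).status != "patched")

# Constructed sample inventory: host -> captured `p4 info` output.
SAMPLE_INVENTORY = {
    "build01": "Server version: P4D/LINUX26X86_64/2023.1/2513900 (2023/09/23)\nServer license: none",
    "build02": "Server version: P4D/NTX64/2023.1/2468487 (2023/07/14)",
    "legacy":  "Server version: P4D/LINUX26X86_64/2022.2/2407422 (2023/01/26)",
    "broken":  "Perforce client error: Connect to server failed",
}

if __name__ == "__main__":
    for host in hosts_needing_action(SAMPLE_INVENTORY):
        print(f"{host}: {assess(host, SAMPLE_INVENTORY[host]).status}")
```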
“Extend vulnerability and risk detection beyond the firewall with platforms like Microsoft Defender External Attack Surface Management. Customers can identify internet-exposed infrastructure running Perforce Server in their inventory and use the insights tile under the Attack Surface Summary dashboard to surface assets vulnerable to CVE-2023-5759, CVE-2023-45849, CVE-2023-35767, and CVE-2023-45319,” Microsoft wrote.