CyberWatch

Critical Vulnerability in Perforce Helix Core Server

By

By

Access Point Consulting

Summary

Microsoft has identified several vulnerabilities in Perforce Helix Core Server, the most critical of which is CVE-2023-45849. With a CVSS score of 9.8, this vulnerability allows arbitrary code execution which results in privilege escalation. This vulnerability manifests if the administrator setting up the server does not run the “p4 protect” command immediately after installing the server. Without this command, an unauthenticated anonymous attacker could run arbitrary command lines (powershell) as LocalSystem when Perforce Server is installed in its default configuration.

Impact Assessment

This very high impact, high severity vulnerability impacts Perforce Helix Core Server Up to version 2023.2. It allows an unauthenticated remote attacker to perform arbitrary commands in the context of LocalSystem. Microsoft has also provided a detailed explanation of the vulnerability with examples on how to exploit it.

What it means for you

If your organization uses Perforce Helix Core Server, update to the latest version and be sure to run the p4 protect command at installation. Following the vendor instructions for installation is always a best practice and in this case, would have resolved the vulnerability.

Remediation

Update Perforce Helix Core Server to 2023.2

Follow vendor instructions for installation.

Business Implications

Exploitation of this vulnerability could have consequences detrimental to the business. It can result in data loss from data exfiltration, loss of access to a core server, possibility of lateral movement, monetary loss because of incident response, etc. This all depends on the attacker’s intention and ability as well as your organization’s defensive posture.

Access Point Technology Recommends

Patch: There is a patch for this vulnerability available from the vendor. Update as soon as possible, there is no evidence of exploitation yet, but that tends to change when vendors release detailed vulnerability analysis like Microsoft has done with this vulnerability.

Follow vendor recommendations: This patch could have been mitigated if vendor recommendations were followed during installation as this vulnerability is a result of not following installation instructions and leaving a default configuration. It is always best practice to follow vendor instructions/documentation as well as change default passwords/settings to more secure variants that work for your business.

Associated Bulletins

https://nvd.nist.gov/vuln/detail/CVE-2023-45849

https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/

https://www.perforce.com/manuals/p4sag/Content/P4SAG/Home-p4sag.html

Resources

Trending Articles & Security Reports

Resources

CyberWatch

November 22, 2024

Patch Updates, New Malware Threats, and the Ongoing Supply Chain Battle

On this episode of the CyberWatch podcast, there are updates to software across the application and OS spectrum. New malicious campaigns are threatening victims of all sizes, and researchers have performed dissections on malware to give defenders new clues about just what it is they're fighting. All this today, in CyberWatch.

Find out more
October 25, 2024

Ransomware, Supply Chain Attacks, and Nation-State Threats

CyberWatch, by Access Point Consulting, is your weekly source for emerging cybersecurity news, regulatory updates, and threat intelligence. Backed by experts in security consulting, regulatory compliance, and security operations, Access Point enables you to manage cyber risks, respond to incidents, and drive innovation in your company. Read here or on our website; listen on Spotify or Apple Podcasts; or watch on YouTube.website; listen on Spotify or Apple Podcasts; or watch on YouTube. .

Find out more
October 7, 2024

VINs and Losses: How Hackers Take Kias for a Ride

In the age of smart cars and connected devices, convenience often comes with hidden risks. A recently discovered critical vulnerability in Kia vehicles serves as a stark reminder of how our increasingly digital world is making cars new targets for cyberattacks. This vulnerability allowed hackers to remotely control various vehicle functions—using nothing more than a car's license plate number. It highlights the growing threat of cyberattacks on connected cars and the importance of cybersecurity in the automotive industry.

Find out more