Summary
Microsoft has identified several vulnerabilities in Perforce Helix Core Server, the most critical of which is CVE-2023-45849. With a CVSS score of 9.8, this vulnerability allows arbitrary code execution, which results in privilege escalation. It manifests when the administrator setting up the server does not run the “p4 protect” command immediately after installing the server. Without this command, an unauthenticated anonymous attacker could run arbitrary command lines (PowerShell) as LocalSystem when Perforce Server is installed in its default configuration.
Impact Assessment
This very high impact, high severity vulnerability affects Perforce Helix Core Server up to version 2023.2. It allows an unauthenticated remote attacker to execute arbitrary commands in the context of LocalSystem. Microsoft has also provided a detailed explanation of the vulnerability, with examples of how to exploit it.
What it means for you
If your organization uses Perforce Helix Core Server, update to the latest version and be sure to run the p4 protect command at installation. Following the vendor's installation instructions is always a best practice and, in this case, would have resolved the vulnerability.
Remediation
Update Perforce Helix Core Server to 2023.2
Follow vendor instructions for installation.
Business Implications
Exploitation of this vulnerability could have consequences detrimental to the business. These include data loss through exfiltration, loss of access to a core server, the possibility of lateral movement, and monetary loss from incident response, among others. The outcome depends on the attacker’s intention and ability as well as your organization’s defensive posture.
Access Point Technology Recommends
Patch: A patch for this vulnerability is available from the vendor. Update as soon as possible. There is no evidence of exploitation yet, but that tends to change when vendors release detailed vulnerability analysis, as Microsoft has done with this vulnerability.
Follow vendor recommendations: This vulnerability could have been mitigated if vendor recommendations had been followed during installation, as it results from not following installation instructions and leaving a default configuration in place. It is always best practice to follow vendor instructions and documentation, and to change default passwords and settings to more secure variants that work for your business.
Associated Bulletins
https://nvd.nist.gov/vuln/detail/CVE-2023-45849
https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/
https://www.perforce.com/manuals/p4sag/Content/P4SAG/Home-p4sag.html