Home Latest Cyber Security News | Network Security Hacking Multiple Vulnerabilities Found In Perforce Helix Core Server
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Multiple Vulnerabilities Found In Perforce Helix Core Server

by Abeerah Hashim
written by Abeerah Hashim
Palo Alto Networks Pan-OS zero-day vulnerability under active attack

Microsoft’s security team researchers discovered numerous security vulnerabilities in the Perforce Helix Core Server platform. One of these includes a critical severity remote code execution flaw. Microsoft urges users to update their systems with the latest software versions to receive the relevant security fixes.

Microsoft Warns Users Of Severe Perforce Helix Core Server Vulnerabilities

In a recent post, Microsoft elaborated on the Perforce Helix Core Server vulnerabilities that its researchers discovered during a security review. An unauthenticated adversary could exploit the vulnerabilities to trigger denial of service on the target systems or execute arbitrary codes.

Briefly, they found the following four vulnerabilities riddling the platform.

  • CVE-2023-45849 (CVSS 9.8): Unauthenticated DoS via rmt-UpdtFovrCommit RPC Command. The vulnerability allowed system-level access (LocalSystem) to unauthenticated remote attackers. Exploiting the flaw could let the attacker implant backdoors into the target software, exfiltrate Source codes, and steal other information.
  • CVE-2023-5759 (CVSS 7.5): Unauthenticated DoS via RPC Header Abuse
  • CVE-2023-35767 (CVSS 7.5): Unauthenticated DoS via rmt-Shutdown RPC Command
  • CVE-2023-45319 (CVSS 7.5): Unauthenticated DoS via rmt-UpdtFovrCommit RPC Command

Microsoft has shared a detailed technical analysis of these vulnerabilities and how they discovered them in their post.

After discovering the vulnerabilities, Microsoft responsibly disclosed the flaws to the vendors in August 2023. Followbug report, the vendors started working on developing the relevant security fixes, deploying them all for the users with Perforce Server version 2023.1/2513900. Users must upgrade to this (or the latest) version to avoid potential threats.

Perforce Helix Core Server is a dedicated source code management platform, providing users with a central location to store codes, files, and digital assets. The platform boasts a huge user base from various sectors, such as government, military, gaming, and technology. Its clientele includes some prominent tech giants, including Microsoft.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...