In August 2023, Microsoft’s security analysts unearthed critical vulnerabilities within the Perforce Helix Core Server, a widely utilized source code management platform across gaming, government, military, and technology sectors. These vulnerabilities, ranging from denial-of-service concerns to severe Remote Code Execution (RCE) risks, pose a significant threat to systems operating on vulnerable versions of the server.

Perforce Helix Core Vulnerabilities:

CVE ID           CVSS Score   Vulnerability Name
CVE-2023-5759    7.5          Unauthenticated DoS via RPC header abuse
CVE-2023-45849   9.8          Unauthenticated Remote Code Execution as LocalSystem
CVE-2023-35767   7.5          Unauthenticated DoS via remote command
CVE-2023-45319   7.5          Unauthenticated DoS via remote command

Perforce Helix Core RCE Vulnerability:

Microsoft’s security review of the Perforce Helix Core Server uncovered these flaws. The most severe, CVE-2023-45849, stems from the mishandling of the user-bgtask RPC command, which lets an unauthenticated attacker execute code as LocalSystem.

By exploiting CVE-2023-45849, an attacker can implant backdoor access, read sensitive data, alter system configuration, and potentially take full control of a host running a vulnerable version of the Perforce Server. The flaw lets an unauthorized request enter a function call chain that ends in command execution, giving the attacker broad control over the server’s core functionality.

Figure: Microsoft’s function call cascade ending in command execution (Microsoft)

The figure shows the function call chain that Microsoft documented for CVE-2023-45849 in the Perforce Helix Core Server: the path an attacker’s request follows through the server’s functions, step by step, until it reaches command execution and yields control of the system.

Mitigation Strategies:

To safeguard systems against potential exploits of these vulnerabilities, consider implementing the following mitigation measures:

  1. Upgrade to Version 2023.1/2513900: Utilize the latest version released on November 7, 2023, to mitigate the identified risks.
  2. Regularly Update Third-Party Software: Keep all relevant software updated to prevent potential vulnerabilities.
  3. Restrict Access Using VPN or IP Allow-List: Employ access restriction techniques like VPNs or IP allow-listing to limit unauthorized entry.
  4. Use TLS Certificates with a Proxy for User Validation: Implement TLS certificates with a proxy to ensure secure user validation.
  5. Log All Access to the Perforce Server: Maintain comprehensive logs to track and investigate any suspicious activities or attempted breaches.
  6. Set Up Crash Alerts for IT and Security Teams: Enable timely alerts for crashes or system failures, ensuring quick responses to potential incidents.
  7. Implement Network Segmentation: Employ network segmentation techniques to contain breaches and limit their impact.
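As an added illustration of mitigation items 1, 3 and 5 (example code, not Microsoft’s or Perforce’s own): a Python check that compares the server build reported by `p4 info` with the fixed 2023.1/2513900 release, and scans server log entries for invocations of user-bgtask or for commands arriving from outside an IP allow-list. The layout of the `Server version:` line and of the p4d structured log entries is assumed from the standard formats, the allow-list is hypothetical, and the sample log lines are constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Build named in the advisory as fixed (2023.1/2513900); assumed to be the
# baseline for the comparison below. Check Perforce's notes for other branches.
FIXED = (2023, 1, 2513900)

def server_version_is_vulnerable(p4_info_output):
    """Parse the 'Server version:' line of `p4 info` and compare to FIXED.
    Assumed line shape: 'Server version: P4D/<platform>/<yy>.<n>/<build> (date)'."""
    m = re.search(r"Server version: P4D/\S+/(\d+)\.(\d+)/(\d+)", p4_info_output)
    if not m:
        raise ValueError("no 'Server version:' line found")
    found = tuple(int(x) for x in m.groups())
    return found < FIXED

# Assumed p4d log entry shape (the line after 'Perforce server info:'):
#   <date> <time> pid <pid> <user>@<client> <ip> [<client program>] '<command> args'
LOG_RE = re.compile(
    r"^\s*(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) pid \d+ (\S+)@(\S+) (\S+) "
    r"\[[^\]]*\] '(\S+)[^']*'")

def find_suspicious(log_text, allowed_networks):
    """Return (timestamp, ip, user, command, reasons) for entries worth review."""
    nets = [ip_network(n) for n in allowed_networks]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip 'Perforce server info:' headers and unrelated lines
        ts, user, _client, ip, cmd = m.groups()
        reasons = []
        if cmd == "user-bgtask":          # RPC command abused by CVE-2023-45849
            reasons.append("user-bgtask invoked")
        if not any(ip_address(ip) in n for n in nets):
            reasons.append("source IP outside allow-list")
        if reasons:
            hits.append((ts, ip, user, cmd, reasons))
    return hits

# Constructed sample log: one expected sync, one foreign-IP info call,
# one unauthenticated user-bgtask attempt from outside the allow-list.
SAMPLE_LOG = """\
Perforce server info:
\t2023/11/07 10:15:22 pid 4711 alice@ws1 10.20.0.15 [p4/2023.1/LINUX26X86_64/2513900] 'user-sync //depot/main/...'
Perforce server info:
\t2023/11/07 10:16:01 pid 4712 bob@ws2 198.51.100.23 [p4/2022.2/NTX64/2400000] 'user-info'
Perforce server info:
\t2023/11/07 10:16:40 pid 4713 anon@none 203.0.113.9 [p4/2023.1/LINUX26X86_64/2513900] 'user-bgtask'
"""

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, ["10.20.0.0/16"]):
        print(hit)
```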

Reference:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5759

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35767

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45319

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45849