PT-2023-7827 · Perforce · Helix Core

Published 2023-11-08 · Updated 2024-01-09 · CVE-2023-45849

CVE-2023-45849

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Helix Core versions prior to 2023.2

Description

An arbitrary code execution issue was discovered that results in privilege escalation: a remote attacker can execute arbitrary code with system account privileges. The vulnerability is related to improper control of code generation (code injection). It was reported by Jason Geffner. Microsoft researchers found four vulnerabilities in Perforce Helix Core, including this critical one, which can be exploited by unauthenticated attackers. The other three vulnerabilities are denial-of-service (DoS) issues that allow attackers to cause server disruptions.

Recommendations

For Helix Core versions prior to 2023.2, update to version 2023.1/2513900 or later, released on November 7, 2023. Additionally, to reduce the risk, consider restricting access using a VPN or IP whitelisting, use TLS proxy certificates for user authentication, log all access to the Perforce Server, and use network segmentation to contain potential breaches. As a temporary workaround, consider restricting access to the vulnerable server until a patch is applied.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2023-08898
CVE-2023-45849

Affected Products

Helix Core