PT-2024-16205 · Perforce · Helix Core
Published
2024-11-11
·
Updated
2024-11-12
·
CVE-2024-10345
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Helix Core versions prior to 2024.2
Description
An unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. The issue was reported by Karol Więsek.
Recommendations
For Helix Core versions prior to 2024.2, update to version 2024.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the shutdown function to minimize the risk of exploitation.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Helix Core