Reference:
Advisory #2023-151
Version:
1.0
Affected software:
Perforce Helix Core Server
Type:
Remote Code Execution
CVE/CVSS:
CVE-2023-45849: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-5759: CVSS 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2023-35767: CVSS 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2023-45319: CVSS 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Sources
Risks
The 4 flaws discovered by Microsoft mainly involve denial of service (DoS) issues. The most severe vulnerability allows arbitrary remote code execution as LocalSystem by unauthenticated attackers.
Description
Microsoft fixed 4 security issues in Perforce Helix Core Server, used in gaming and by government, military, tech, and retail groups. These issues could be exploited remotely without needing a login.
Perforce Server users should update to version 2023.1/2513900 from Perforce's website. The worst issue, scored 9.8 (10.0 by Microsoft) on the CVSS scale, lets attackers remotely run code with full system rights.
Attackers could misuse this to add harmful code to software, steal secrets, and attack key business systems. No current misuse has been found, but Microsoft warns that the main issue could let attackers take over unpatched systems and their networks.
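A quick way to check a deployed server against the fixed build named above, as an added example that is not part of this advisory or of Perforce's tooling: it parses the version token printed by `p4 info` ("Server version: P4D/...") or `p4d -V` ("Rev. P4D/..."), whose layout is assumed here to be P4D/<platform>/<release>/<changelist>, and flags any build below 2023.1/2513900. Release lines newer than 2023.1 are assumed to carry the fix; the sample output lines are constructed, not captured from a real server.

```python
import re
from typing import Optional, Tuple

# Fixed build named in the advisory: release 2023.1, changelist 2513900.
FIXED_VERSION = (2023, 1, 2513900)

# Version token as printed by "p4 info" or "p4d -V" (format assumed):
#   P4D/<platform>/<year>.<n>/<changelist>
_VERSION_RE = re.compile(r"P4D/[^/\s]+/(\d{4})\.(\d+)/(\d+)")


def parse_p4d_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (year, release, changelist) found in p4/p4d output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    year, release, changelist = (int(g) for g in m.groups())
    return (year, release, changelist)


def is_patched(version: Tuple[int, int, int]) -> bool:
    """True when the build is at or above 2023.1/2513900.

    Tuple ordering compares the release line first, then the changelist,
    so 2022.x builds and 2023.1 builds below 2513900 are reported as unpatched.
    Later release lines (2023.2 and up) are assumed to include the fix.
    """
    return version >= FIXED_VERSION


def assess(output: str) -> str:
    """Human-readable verdict for one server's p4 info / p4d -V output."""
    v = parse_p4d_version(output)
    if v is None:
        return "unknown: no P4D version string found"
    label = f"{v[0]}.{v[1]}/{v[2]}"
    verdict = "patched" if is_patched(v) else "UNPATCHED - update to 2023.1/2513900"
    return f"{label}: {verdict}"


# Constructed sample lines (changelist numbers are placeholders, not real builds).
SAMPLE_INFO_OLD = "Server version: P4D/LINUX26X86_64/2023.1/2500000 (2023/09/01)"
SAMPLE_INFO_FIXED = "Server version: P4D/LINUX26X86_64/2023.1/2513900 (2023/10/09)"
SAMPLE_DASH_V_OLD = "Rev. P4D/NTX64/2022.2/2400000 (2023/03/01)."

if __name__ == "__main__":
    for sample in (SAMPLE_INFO_OLD, SAMPLE_INFO_FIXED, SAMPLE_DASH_V_OLD):
        print(assess(sample))
```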
Recommended Actions
The Centre for Cyber Security Belgium recommends system administrators patch vulnerable systems as soon as possible. Analyze system and network logs for any suspicious activity.
Patch
The Centre for Cyber Security Belgium strongly recommends installing updates for vulnerable software with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/
https://www.perforce.com/downloads/helix-core-p4d