Shulou(Shulou.com)12/24 Report--

CTOnews.com reported on December 19 that Perforce Helix Core Server recently exposed four vulnerabilities, one of which was rated as "critical".

CTOnews.com Note: Perforce Helix Core Server is a source code management platform widely used by games, government, military and technical departments.

Microsoft analysts found these vulnerabilities when they reviewed its game studio products and reported them to Perforce in late August 2023.

Microsoft said that although there is no evidence that hackers have used these vulnerabilities to launch attacks, it is recommended that users of the product upgrade to 2023.1 Compact 2513900, released on November 7, 2023, to reduce risk.

The four vulnerabilities discovered by Microsoft this time are mainly related to denial of service (DoS) issues, the most serious of which allow attackers to execute arbitrary remote code in LocalSystem mode without authentication.

The main contents of 4 vulnerabilities attached to CTOnews.com are as follows:

CVE-2023-5759 (CVSS score 7.5): unauthenticated (DoS) through misuse of RPC headers.

CVE-2023-45849 (CVSS score 9.8): executes unauthenticated remote code as a LocalSystem.

CVE-2023-35767 (CVSS score 7.5): unauthenticated DoS via remote commands.

CVE-2023-45319 (CVSS score 7.5): unauthenticated DoS via remote commands.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.