Open Nav
Sign Up

Multiple Vulnerabilities in Perforce Server

Multiple Vulnerabilities in Perforce Server

Bar Refael

December 26, 2023

We are issuing an urgent security advisory regarding recently discovered vulnerabilities in the Perforce source-code management platform, widely used across various industries. Microsoft has identified four critical flaws in Perforce Helix Core Server, with the most severe allowing for remote code execution (RCE) and network takeover.

Key Vulnerabilities and Implications:

  • Highly Privileged Access (CVE-2023-45849, CVSS 9.8): The most critical vulnerability enables unauthenticated attackers to execute code with LocalSystem privileges, potentially leading to complete system control, backdoor installation, sensitive data access, and system setting alterations.
  • Denial-of-Service Risks (CVE-2023-35767, CVE-2023-45319, CVE-2023-5759, CVSS 7.5 each): These vulnerabilities allow unauthenticated attackers to induce DoS attacks via remote commands and exploitation through RPC headers.
  • Impact on Software Development Life Cycle (SDLC): Given Perforce Server’s role in SDLC management, exploitation of these vulnerabilities could extend to connected information systems and the wider software supply chain.

Mitigation and Security Recommendations:

  • Immediate Update Required: Organizations using Perforce Server should immediately update to the patched version (2023.1/2513900) released by Perforce Software.
  • Enhanced Vigilance: Remain alert for any signs of exploitation and regularly monitor systems for unusual activities.
  • Comprehensive Patching Strategy: Regularly update not just Perforce but all third-party software.
  • Network Security Measures: Employ VPNs and/or IP allow-lists to restrict Perforce Server communication, issue TLS certificates to verified users, and implement TLS termination proxies.
  • Robust Logging and Monitoring: Ensure all access to Perforce instances is logged, and configure alert systems for immediate notifications in case of process crashes or suspicious activities.
  • Network Segmentation: Limit potential attack pivots within the network through effective segmentation.

OP Innovate’s Commitment:

We are closely monitoring this situation and are ready to assist you in implementing these security measures. Our team is dedicated to ensuring your organization’s cybersecurity resilience in the face of evolving threats.

Please reach out to us for any assistance or further information regarding this alert.

Resources highlights

Cisco IOS and IOS XE SNMP Zero-Day Actively Exploited (CVE-2025-20352)

Cisco disclosed CVE-2025-20352, a stack overflow in the SNMP subsystem of IOS and IOS XE, now confirmed as actively exploited in the wild. Attackers can…

Read more >

CVE-2025-20352

SolarWinds Web Help Desk (WHD) Unauthenticated RCE Patch-Bypass (CVE-2025-26399)

SolarWinds released Web Help Desk 12.8.7 Hotfix 1 to fix CVE-2025-26399, an unauthenticated remote code execution flaw in the AjaxProxy component caused by unsafe deserialization.…

Read more >

CVE-2025-26399

SonicWall Cloud Backup Compromise & Ongoing SSLVPN Exploitation

Threat actors gained access to MySonicWall cloud backup preference files after brute-forcing the vendor’s portal. These files, although encrypted, contain sensitive configuration data such as…

Read more >

sonicwall cloud

Ongoing Supply-Chain Attack Targeting npm Packages (aka “Shai-Hulud”)

Beginning on September 14, 2025, and accelerating over the next two days, attackers launched a large-scale supply-chain attack against the npm ecosystem. The campaign injected…

Read more >

Shai-Hulud

FBI Advisory: UNC6040/UNC6395 Targeting Salesforce Environments

The FBI has issued a FLASH advisory detailing activity from the threat groups UNC6040 and UNC6395, who are actively conducting data theft and extortion campaigns…

Read more >

salesforce fbi advisory

CVE-2024-40766: SonicWall SSL VPN Flaw Actively Exploited by Ransomware Threat Actors

CVE-2024-40766 is a critical improper access control vulnerability in SonicWall SonicOS management access/SSLVPN. Successful exploitation enables unauthorized access and can, in some cases, crash the…

Read more >

CVE-2024-40766
Under Cyber Attack?

Fill out the form and we will contact you immediately.