CVE-2023-35767 – This vulnerability allows unauthenticated remot... (How to Fix)

Q: What is the severity of CVE-2023-35767?

CVE-2023-35767 has a CVSS score of 7.5 (HIGH). This vulnerability allows unauthenticated remote attackers to trigger a shutdown function in Helix Core servers, causing denial of service. All Helix Core servers running versions before 2023.2 are affected, potentially disrupting Perforce version control services.

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to trigger a shutdown function in Helix Core servers, causing denial of service. All Helix Core servers running versions before 2023.2 are affected, potentially disrupting Perforce version control services.

💻 Affected Systems

Products:

Helix Core Server (Perforce)

Versions: All versions prior to 2023.2

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Helix Core by Perforce

View all CVEs affecting Helix Core →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of Helix Core server, disrupting all version control operations and potentially affecting development workflows.

🟠

Likely Case

Targeted DoS attacks causing service interruptions, requiring manual restart of Helix Core services.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthenticated access to vulnerable endpoints.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing servers particularly vulnerable to DoS attacks.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability to disrupt services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires minimal technical skill to exploit due to unauthenticated access and simple shutdown trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.2 or later

Vendor Advisory: https://perforce.com

Restart Required: Yes

Instructions:

1. Download Helix Core version 2023.2 or later from Perforce website. 2. Stop Helix Core services. 3. Install the updated version. 4. Restart Helix Core services. 5. Verify service functionality.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to Helix Core server to trusted IP addresses only

# Use firewall rules to restrict access
# Example: iptables -A INPUT -p tcp --dport 1666 -s trusted_ip -j ACCEPT
# iptables -A INPUT -p tcp --dport 1666 -j DROP

🧯 If You Can't Patch

Implement strict network segmentation and firewall rules to limit access to Helix Core servers
Deploy network-based intrusion prevention systems (IPS) to detect and block DoS attempts

🔍 How to Verify

Check if Vulnerable:

Check Helix Core server version using 'p4d -V' command and compare against vulnerable version range

Check Version:

p4d -V

Verify Fix Applied:

Verify version is 2023.2 or later using 'p4d -V' and test service functionality

📡 Detection & Monitoring

Log Indicators:

Unexpected shutdown events in Helix Core logs
Multiple connection attempts from unauthenticated sources
Service restart events without administrative action

Network Indicators:

Unusual traffic patterns to Helix Core shutdown endpoints
Multiple connection attempts from single sources
Traffic spikes followed by service unavailability

SIEM Query:

source="helix_core.log" AND (shutdown OR restart) AND NOT user=authenticated_user

📊 Metadata

CVE ID: CVE-2023-35767

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

Published: November 8, 2023

Last Updated: November 21, 2024

🔗 References

https://perforce.com Vendor Advisory
https://perforce.com Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-35767, you might also want to check these: