Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core
CVE-2023-35767

7.5HIGH

Key Information:

Vendor: Helix
Status: Helix Core; Helix Swarm
Vendor: CVE Published:; 8 November 2023

Badges

📰 News Worthy

What is CVE-2023-35767?

A vulnerability in Helix Core prior to version 2023.2 allows unauthenticated remote attackers to exploit the shutdown function, potentially triggering a Denial of Service condition. This could disrupt service availability, impacting user access and operational continuity.

Affected Version(s)

Helix Core 0.0.0 < 2023.2

Helix Core 0.0.0 < 2023.1 Patch 2

Helix Core 0.0.0 < 2022.2 Patch 3

News Articles

Dark Reading

CVE-2023-45849 CVE-2023-35767

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.

References

https://perforce.com

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Dark Reading
Dec 19, 2023
Vulnerability published
Nov 8, 2023
Vulnerability Reserved
Oct 24, 2023