Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core

CVE-2023-35767

7.5HIGH

Key Information

Vendor: Helix
Status: Helix Core; Helix Swarm
Vendor: CVE Published:; 8 November 2023

Badges

📰 News Worthy

Summary

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.

Affected Version(s)

Helix Core < 2023.2

Helix Core < 2023.1 Patch 2

Helix Core < 2022.2 Patch 3

News Articles

Dark Reading

CVE-2023-45849 CVE-2023-35767

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.

1 year ago

References

https://perforce.com

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by Dark Reading
Dec 19, 2023
Vulnerability published
Nov 8, 2023
Vulnerability Reserved
Oct 24, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)