Arbitrary Code Execution in Helix Core

CVE-2023-45849

9.8CRITICAL

Key Information

Vendor: Helix
Status: Helix Core
Vendor: CVE Published:; 8 November 2023

Badges

📰 News Worthy

Summary

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.

Affected Version(s)

Helix Core < 2023.2

Helix Core < 2023.1 Patch 2

Helix Core < 2022.2 Patch 3

News Articles

Penetration Testing

CVE-2023-4001 CVE-2023-45849

Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems

CVE-2023-4001 is an authentication bypass flaw in GRUB. GRUB is the gatekeeper of the booting process in many UEFI-based computers

11 months ago

Dark Reading

CVE-2023-45849 CVE-2023-35767

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.

1 year ago

Refferences

https://perforce.com

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by Dark Reading
Dec 19, 2023
Vulnerability published
Nov 8, 2023
Vulnerability Reserved
Oct 24, 2023

Collectors

NVD DatabaseMitre Database2 News Article(s)