Arbitrary Code Execution in Helix Core
CVE-2023-45849

9.8CRITICAL

Key Information:

Vendor: Helix
Status: Helix Core
Vendor: CVE Published:; 8 November 2023

Badges

📰 News Worthy

What is CVE-2023-45849?

An arbitrary code execution vulnerability has been identified in Helix Core, which can lead to privilege escalation. This affects all versions prior to 2023.2, posing a significant risk for users. It is crucial for organizations using Helix Core to address this vulnerability promptly to protect their systems from potential exploitation.

Affected Version(s)

Helix Core 0.0.0 < 2023.2

Helix Core 0.0.0 < 2023.1 Patch 2

Helix Core 0.0.0 < 2022.2 Patch 3

News Articles

Penetration Testing

CVE-2023-4001 CVE-2023-45849

Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems

CVE-2023-4001 is an authentication bypass flaw in GRUB. GRUB is the gatekeeper of the booting process in many UEFI-based computers

Dark Reading

CVE-2023-45849 CVE-2023-35767

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.

References

https://perforce.com

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Dark Reading
Dec 19, 2023
Vulnerability published
Nov 8, 2023
Vulnerability Reserved
Oct 24, 2023