CVE-2023-35767: 
Perforce Helix Core Server vulnerability analysis and mitigation

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) vulnerability via the shutdown function was identified. The vulnerability, tracked as CVE-2023-35767, was reported by security researcher Jason Geffner and received a CVSS v3.1 base score of 7.5 (HIGH) (NVD, CVE).

The vulnerability allows unauthenticated attackers to remotely induce a Denial of Service condition through remote commands. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, no privileges required, no user interaction needed, and high impact on availability (NVD).

The successful exploitation of this vulnerability can result in a Denial of Service condition, potentially disrupting the stability of critical systems running Perforce Helix Core Server. This is particularly concerning as Perforce Server is widely used across various industries including gaming, government, military, technology, and retail sectors (SOCRadar).

Organizations are strongly advised to update to Perforce Server version 2023.2 or later. Additional security measures recommended include using VPNs and IP allow-lists to restrict server communication, implementing TLS certificates for verified users, configuring alert systems for process crashes, and employing network segmentation (SOCRadar).