CVE-2023-45849: 
Perforce Helix Core Server vulnerability analysis and mitigation

An arbitrary code execution vulnerability (CVE-2023-45849) was discovered in Perforce Helix Core Server versions prior to 2023.2. The vulnerability, reported by Jason Geffner, allows unauthenticated attackers to execute code with LocalSystem privileges. This critical vulnerability received a CVSS score of 9.8 from NIST and 9.0 from Perforce (NVD, SOCRadar).

The vulnerability stems from the mishandling of the user-bgtask RPC command by the server. In its default configuration, Perforce Server allows unauthenticated attackers to remotely execute various commands, including PowerShell scripts, as LocalSystem - a highly privileged Windows OS account designated for system functions. This account level facilitates access to local resources, system files, and the modification of registry settings (Register, SOCRadar).

The exploitation of this vulnerability could allow attackers to install backdoors, access sensitive information, change system settings, and potentially take complete control of a system running a vulnerable Perforce Server version. The impact extends beyond the vulnerable component, posing a risk to software supply chains and connected infrastructure. An attacker with system-level remote code execution access can insert backdoors into software products and exfiltrate source code and other intellectual property (Register, SecurityOnline).

Organizations are strongly advised to update to Perforce Server version 2023.1/2513900 or later to address this vulnerability. Additional security measures recommended include: using a VPN and/or IP allow-list to restrict communication with Perforce Server, issuing TLS certificates to verified Perforce users, implementing a TLS termination proxy, logging all access to Perforce instances, configuring alert systems for process crashes, and employing network segmentation (Register).