InfCode Remote Code Execution Vulnerability

A critical command filtering vulnerability has been identified in InfCode's terminal auto-execution module, allowing malicious PowerShell commands to bypass security measures and execute arbitrarily. The vulnerability arises from an ineffective blacklist that fails to cover high-risk native commands and lacks dynamic semantic parsing to recognize string concatenation, variable assignments, or double-quote interpolation in Shell syntax. This oversight enables syntax obfuscation to evade interception. Attackers can exploit this by crafting files with harmful instructions for remote code injection, which are executed by the Agent without user confirmation, potentially leading to unauthorized command execution or sensitive data leakage.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected system or the leakage of sensitive data.