Vulnerability Description: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Software Version: 23.70.00
NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-49328
CVSSv3: 7.2
Severity: High
Credits: Lucas Gabriel Alves, Francesco Oriolo, Vanderlei Silva de Oliveira Junior, Alessandro Sabetta, Massimiliano Brolli
On a B.POINT server (on-premises) running Linux, a validated system user was potentially able, during the authentication phase, to carry out a remote code execution (RCE) attack by exploiting a vulnerability in a server-to-server communication module.