Axon Code installations on Windows are subject to unauthenticated Remote Code Execution due to a failure to properly sanitize Windows-specific command line escape sequences.

The vulnerability exists in the command auto-approval module where a Unix-based shell-quote library is used to validate commands on Windows. An unauthenticated attacker can use the ^ character to deceive the parser into auto-approving a command that contains a malicious payload executed by the underlying Windows CMD interpreter.

The impact is critical, as it allows for arbitrary Remote Code Execution (RCE). Attackers can gain complete control over the affected server, leading to data breaches, service disruption, and potential lateral movement within the corporate network. The CVSS score of 9.8 reflects the high exploitability and severe impact on confidentiality, integrity, and availability.

Immediate Action: Update the Axon Code software to the latest version which contains the corrected command parsing logic.

Proactive Monitoring: Monitor Windows event logs for suspicious cmd.exe child processes originating from the Axon Code service account.

Compensating Controls: Deploy a Web Application Firewall (WAF) to inspect and block incoming requests containing shell metacharacters and escape sequences directed at the auto-approval module.

Public Exploit Available: false

The reliance on incompatible libraries for security-critical functions creates a significant vulnerability. It is imperative that administrators apply the vendor-provided patch immediately. Failure to do so leaves the environment exposed to high-impact RCE attacks that can be triggered without any user interaction or authentication.