| शीर्षक | SonicCloudOrg SonicServer 2.7.2 Code Injection |
|---|
| विवरण | The POST /exchange/send endpoint in sonic-server-controller is annotated with @WhiteUrl, which causes the platform's JWT authentication filter to unconditionally skip authentication for this endpoint. Any unauthenticated attacker can POST arbitrary JSON payloads to this endpoint, which are forwarded verbatim into the internal Transport WebSocket channel shared between the server and all connected Agents.
This allows an attacker to inject any internal protocol message — including runStep (triggering test execution), stopStep, or device control commands — without possessing any credentials.
When chained with V-S002 (Groovy unsandboxed execution), this vulnerability enables zero-authentication remote code execution on every Agent host managed by the Sonic Server. |
|---|
| स्रोत | ⚠️ https://github.com/xpp3901/CVE_APPLY/blob/main/V-S001_SonicCloudPlatform_Unauth_ExchangeSend |
|---|
| उपयोगकर्ता | xpp39 (UID 97299) |
|---|
| सबमिशन | 01/06/2026 05:30 AM (1 महीना पहले) |
|---|
| संयम | 11/07/2026 02:24 PM (1 month later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 377804 [SonicCloudOrg sonic-agent तक 2.7.2 JWT Authentication Filter ExchangeController.java अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|