Gửi #844486: SonicCloudOrg SonicServer 2.7.2 Code Injectionthông tin

tiêu đềSonicCloudOrg SonicServer 2.7.2 Code Injection
Mô tảThe POST /exchange/send endpoint in sonic-server-controller is annotated with @WhiteUrl, which causes the platform's JWT authentication filter to unconditionally skip authentication for this endpoint. Any unauthenticated attacker can POST arbitrary JSON payloads to this endpoint, which are forwarded verbatim into the internal Transport WebSocket channel shared between the server and all connected Agents. This allows an attacker to inject any internal protocol message — including runStep (triggering test execution), stopStep, or device control commands — without possessing any credentials. When chained with V-S002 (Groovy unsandboxed execution), this vulnerability enables zero-authentication remote code execution on every Agent host managed by the Sonic Server.
Nguồn⚠️ https://github.com/xpp3901/CVE_APPLY/blob/main/V-S001_SonicCloudPlatform_Unauth_ExchangeSend
Người dùng
 xpp39 (UID 97299)
Đệ trình01/06/2026 05:30 (cách đây 1 tháng)
Kiểm duyệt11/07/2026 14:24 (1 month later)
Trạng tháiđược chấp nhận
Mục VulDB377804 [SonicCloudOrg sonic-agent đến 2.7.2 JWT Authentication Filter ExchangeController.java nâng cao đặc quyền]
điểm20

Do you need the next level of professionalism?

Upgrade your account now!