提交 #844486: SonicCloudOrg SonicServer 2.7.2 Code Injection信息

标题SonicCloudOrg SonicServer 2.7.2 Code Injection
描述The POST /exchange/send endpoint in sonic-server-controller is annotated with @WhiteUrl, which causes the platform's JWT authentication filter to unconditionally skip authentication for this endpoint. Any unauthenticated attacker can POST arbitrary JSON payloads to this endpoint, which are forwarded verbatim into the internal Transport WebSocket channel shared between the server and all connected Agents. This allows an attacker to inject any internal protocol message — including runStep (triggering test execution), stopStep, or device control commands — without possessing any credentials. When chained with V-S002 (Groovy unsandboxed execution), this vulnerability enables zero-authentication remote code execution on every Agent host managed by the Sonic Server.
来源⚠️ https://github.com/xpp3901/CVE_APPLY/blob/main/V-S001_SonicCloudPlatform_Unauth_ExchangeSend
用户
 xpp39 (UID 97299)
提交2026-06-01 05時30分 (1 月前)
管理2026-07-11 14時24分 (1 month later)
状态已接受
VulDB条目377804 [SonicCloudOrg sonic-agent 直到 2.7.2 JWT Authentication Filter ExchangeController.java 权限提升]
积分20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!