This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: OS Command Injection in Sangfor OMS. **Consequences**: Attackers can execute arbitrary system commands, leading to full server compromise, data theft, or service disruption.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: CWE-78 (OS Command Injection). **Flaw**: Improper handling of the `sessionPath` parameter in the `/isomp-protocol/protocol/getHis` HTTP POST endpoint.
Q3 Who is affected? (Versions/Components)
**Vendor**: Sangfor (China). **Product**: Operation and Maintenance Management System. **Affected**: Versions **3.0.8 and earlier**.
Q4 What can hackers do? (Privileges/Data)
**Privileges gained**: High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). **Data**: Full impact on Confidentiality, Integrity, and Availability. Essentially **Root/Admin access**.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Network**: Remote (AV:N). **Auth**: No privileges required (PR:N). **UI**: No user interaction needed (UI:N). Easy to exploit remotely.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Exploit Status**: Public references exist on GitHub and VDB. **Details**: Issue #11 on GitHub and VDB-340345 indicate active tracking and potential PoC availability.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for Sangfor OMS endpoints. **Target**: Look for HTTP POST requests to `/isomp-protocol/protocol/getHis`.…
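One concrete form of that self-check is to run the advice over web-server or reverse-proxy access logs: flag every POST to the endpoint named above, and escalate the ones whose `sessionPath` value carries shell metacharacters, which is the generic CWE-78 signal. The script below is an added example, not part of the original analysis or of any Sangfor tooling. It assumes a combined-format access log with the request body appended as a final quoted field (body logging is only available if the proxy or WAF in front of OMS is configured for it), and the log lines it scans are constructed for the example.

```python
"""Access-log triage for POSTs to the vulnerable OMS endpoint (added example)."""
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory summary.
VULN_PATH = "/isomp-protocol/protocol/getHis"
SUSPECT_PARAM = "sessionPath"

# Shell metacharacters that have no business in a path-like session identifier.
META = re.compile(r"[;&|`$<>\n]|\$\(")

# Combined log format plus a trailing quoted request body (assumed format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<body>[^"]*)"$'
)

# Constructed sample: one unrelated request, one benign call to the endpoint,
# and two calls whose sessionPath carries metacharacters.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:00 +0000] "GET /login HTTP/1.1" 200 512 ""
203.0.113.5 - - [10/Jan/2025:10:00:07 +0000] "POST /isomp-protocol/protocol/getHis HTTP/1.1" 200 77 "sessionPath=%2Fvar%2Flog%2Fsessions%2Fabc123"
198.51.100.9 - - [10/Jan/2025:10:02:13 +0000] "POST /isomp-protocol/protocol/getHis HTTP/1.1" 500 0 "sessionPath=%2Ftmp%3Bx"
198.51.100.9 - - [10/Jan/2025:10:02:20 +0000] "POST /isomp-protocol/protocol/getHis?x=1 HTTP/1.1" 200 77 "sessionPath=%2Ftmp%2F%24%28x%29"
"""


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict):
    """'hit' for any POST to the endpoint, 'suspicious' if sessionPath has metacharacters."""
    path = entry["path"].split("?", 1)[0]          # ignore any query string
    if entry["method"] != "POST" or path != VULN_PATH:
        return None
    # parse_qs percent-decodes values, so metacharacters hidden as %3B etc. are visible.
    values = parse_qs(entry["body"]).get(SUSPECT_PARAM, [])
    if any(META.search(v) for v in values):
        return "suspicious"
    return "hit"


def scan(log_text: str) -> list:
    """Return (verdict, client_ip, timestamp) for every line touching the endpoint."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict:
            findings.append((verdict, entry["ip"], entry["ts"]))
    return findings


if __name__ == "__main__":
    for verdict, ip, ts in scan(SAMPLE_LOG):
        print(f"{verdict:10s} {ip:15s} {ts}")
```

Any "hit" on an unpatched 3.0.8-or-earlier install is worth reviewing even without metacharacters, since the endpoint is reachable unauthenticated; "suspicious" entries, and 5xx responses from this endpoint in particular, are the ones to pull server-side process logs for.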
**Fix**: Upgrade to a version **newer than 3.0.8**. **Official**: Check Sangfor's official security advisory for the specific patched version.
Q9 What if no patch? (Workaround)
**Workaround**: If patching is delayed, **block external access** to the OMS interface. **Mitigate**: Restrict network access to the `/isomp-protocol/protocol/getHis` endpoint via firewall/WAF rules.