This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: OS command injection in the Sangfor Operation and Maintenance Management System (OMS). **Consequences**: An attacker can execute arbitrary operating-system commands on the server, leading to full compromise of the host, data theft, or service disruption.
Q2 Root cause? (CWE/Flaw)
**Root Cause**: CWE-78, Improper Neutralization of Special Elements used in an OS Command. **Flaw**: The `sessionPath` parameter of the `/isomp-protocol/protocol/getCmd` endpoint is placed into an operating-system command without being sanitized, so attacker-controlled content in that value becomes part of the command the server executes.
Q3 Who is affected? (Versions/Components)
**Vendor**: Sangfor (深信服). **Product**: Operation and Maintenance Management System (OMS). **Affected**: version 3.0.8 and earlier.
Q4 What can hackers do? (Privileges/Data)
**Privileges**: Command execution on the underlying OS, with whatever privileges the OMS service process runs with; the CVSS impact metrics are all High (C:H, I:H, A:H), i.e. complete loss of confidentiality, integrity and availability. **Data**: Full access to the underlying OS. An attacker can read and write files, install backdoors, or pivot into internal networks.
Q5 Is the exploitation threshold high? (Auth/Config)
**Threshold**: Low. **Access**: reachable over the network (AV:N). **Auth**: no privileges required (PR:N). **UI**: no user interaction needed (UI:N). Anyone who can reach the endpoint can exploit it remotely.
Q6 Is there a public exploit? (PoC/Wild exploitation)
**Public exploit?**: Yes. **Evidence**: GitHub issues and vulnerability-database entries record that an exploit is available. **Status**: Threat-intelligence feeds carry indicators of active exploitation.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Inventory Sangfor OMS installations and flag any at version 3.0.8 or earlier. **Target**: Check whether `/isomp-protocol/protocol/getCmd` is reachable, and from which networks. **Test**: On systems you are authorized to test, send a `sessionPath` value carrying a benign, observable marker rather than a destructive payload, and confirm whether the response reflects command execution. The summary does not state the HTTP method or the exact injection syntax, so a negative result from one guessed payload is not proof the system is safe; rely on the version check.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fix**: Upgrade to a vendor-patched release later than 3.0.8. **Published**: Advisory released 9 January 2026. **Action**: Apply the vendor patch immediately.
Q9 What if no patch? (Workaround)
**Workaround**: If patching is not yet possible, block access to `/isomp-protocol/protocol/getCmd` from untrusted networks with a WAF or firewall rule. **Mitigation**: Restrict access to the management interface to a dedicated management network; a path-based rule alone is a stopgap, since the endpoint remains vulnerable to anyone who can still reach it.
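One way to perform the self-check in Q7 and to verify that the network restriction in Q9 is actually in effect, without sending any payload at all, is to review the web server's access log for the endpoint. The script below is an added example written for this page, not Sangfor's code and not part of the analysis it summarizes. It assumes the OMS front end writes a common/combined-format access log, that `10.20.0.0/24` is the management network (a placeholder), and that `sessionPath` arrives in the query string. The embedded log lines are constructed for illustration. It flags (a) the endpoint being served to any client outside the management network, which means the Q9 restriction is not in place, and (b) `sessionPath` values that contain shell metacharacters after percent-decoding, which are injection attempts.

```python
"""Access-log review for the Sangfor OMS getCmd endpoint (added example)."""
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Endpoint and parameter named in the advisory summary.
VULN_PATH = "/isomp-protocol/protocol/getCmd"
VULN_PARAM = "sessionPath"

# Assumption (placeholder): the only network allowed to reach the OMS UI.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Shell metacharacters that have no place in a legitimate path value.
SHELL_META = re.compile(r"[;&|`<>\n]|\$\(|\$\{")

# Common/combined log prefix: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic): benign internal use, two external
# injection attempts (one double-encoded), an unrelated request, and an external
# request that a firewall/WAF rule rejected.
SAMPLE_LOG = """\
10.20.0.15 - - [10/Jan/2026:09:12:01 +0800] "GET /isomp-protocol/protocol/getCmd?sessionPath=/var/log/oms/sess1 HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2026:09:13:44 +0800] "GET /isomp-protocol/protocol/getCmd?sessionPath=/tmp/x;id HTTP/1.1" 200 640
203.0.113.7 - - [10/Jan/2026:09:13:50 +0800] "GET /isomp-protocol/protocol/getCmd?sessionPath=%2Ftmp%2Fx%2560whoami%2560 HTTP/1.1" 200 640
10.20.0.15 - - [10/Jan/2026:09:14:02 +0800] "GET /login HTTP/1.1" 200 2048
198.51.100.9 - - [10/Jan/2026:09:15:10 +0800] "GET /isomp-protocol/protocol/getCmd?sessionPath=/tmp/x HTTP/1.1" 403 162
"""


def is_management_source(ip: str) -> bool:
    """True if the client address belongs to the assumed management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETS)


def query_values(query: str, name: str) -> list[str]:
    """Values of one query parameter, split on '&' only so ';' stays in the value."""
    out = []
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            out.append(unquote(value))
    return out


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so %2560-style double encoding cannot hide a metacharacter."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def analyze_line(line: str) -> list[str]:
    """Findings for one access-log line; an empty list means nothing to report."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    url = urlsplit(m["target"])
    if url.path != VULN_PATH:
        return []
    findings = []
    status = int(m["status"])
    if not is_management_source(m["ip"]):
        # A non-management client reached the endpoint. 2xx means it was served
        # (restriction absent); anything else means some control rejected it.
        findings.append("exposed" if 200 <= status < 300 else "blocked_external")
    for raw in query_values(url.query, VULN_PARAM):
        if SHELL_META.search(fully_decode(raw)):
            findings.append("suspicious_sessionPath")
            break
    return findings


def scan_log(text: str) -> dict[str, int]:
    """Count findings across a whole log."""
    counts: dict[str, int] = {}
    for line in text.splitlines():
        for finding in analyze_line(line):
            counts[finding] = counts.get(finding, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(analyze_line(line), line[:60])
    print(scan_log(SAMPLE_LOG))
```

If the parameter is sent in a POST body rather than the query string, an ordinary access log will not show it, so a clean result for check (b) is not proof that no injection was attempted; check (a) still holds, and any `exposed` hit means the Q9 restriction needs to be fixed regardless of what the payloads looked like.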
Q10 Is it urgent? (Priority suggestion)
**Urgency**: Critical. **Priority**: P1. With complete impact (C:H/I:H/A:H) and a low exploitation barrier (network-reachable, unauthenticated, no user interaction), patch immediately or isolate the system until you can.