FreePBX Vulnerability Patch | Flowroute Blog

Security announcement: FreePBX Vulnerability Patch

Posted on April 8, 2014 by

If you’re using FreePBX, there’s a good chance you need to secure it.

FreePBX-vulnerability-patch

There’s a vulnerability in the Framework Module for FreePBX versions 2.9 and above. Your SIP trunking credentials may be compromised. The vulnerability notice is documented in FreePBX Ticket 7123 which states that, “config.php has a remote command execution vulnerability which is available without proper authentication.”

The vulnerability has been resolved in the latest release of FreePBX. So, if you are using FreePBX version 2.9 or above, you should make sure your FreePBX is updated to the latest version so that you’re protected from the threat. Lock down your account by following the steps found here.

If you’re a Flowroute customer, you’ll also need to update your credentials.

  1. Login to your Flowroute account and reset your SIP credentials password on the Interconnection tab of your Flowroute Manager.
  2. Re-implement your updated SIP credentials in FreePBX.

Added measure of security:
To further reduce your exposure, you should disable your SIP credentials for outbound calling and use Outbound IP authentication exclusively (if you’re connecting through a static IP). This tutorial will show you how.

Intrado has sales and/or operations in the United States, Canada, Europe, the Middle East, Asia Pacific, Latin America and South America. Intrado is controlled by affiliates of certain funds managed by Apollo Global Management, LLC. For more information, please call 1-800-841-9000.

©2004 - 2019 Intrado. All Rights Reserved. Legal & Privacy | Diversity | Tariffs | Blog & Corporate News | Investor News | Contact