[AusNOG] Heads up: Super awful FreePBX RCE

Rob Thomas xrobau at gmail.com
Wed Nov 20 14:23:35 EST 2019


If you have any FreePBX machines floating around, now is the time to make
sure they're up to date, ESPECIALLY if they're visible from the interwebs.

https://www.reddit.com/r/VOIP/comments/dypp36/20191119_critical_freepbx_security_vulnerability/


I backdated it for those yanks who are living in the past, but it was
discovered this morning.

The quick summary is it's a trivial exploit, with the ability to escalate
to a root shell, which means a pwned machine; all the attacker needs is
unauthenticated visibility to any of the admin pages.

Feel free to hit me up offlist if you need any more info.  And yes, it was
my code that was vulnerable, but in my defence it was 12-year-old code, and
the vulnerability was only just discovered now 8)

--Rob