The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.
FreePBX is an open-source PBX (Private Branch Exchange) platform built on top of Asterisk, widely used by businesses, call centers, and service providers to manage voice communications, extensions, SIP trunks, and call routing.
In an advisory posted to the FreePBX forums, the Sangoma FreePBX Security Team warned that since August 21, hackers have been exploiting a zero-day vulnerability in exposed FreePBX administrator control panels.
“The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet, and we are working on a fix, with expected deployment within the next 36 hours,” reads the forum post.
“Users are advised to limit access to the FreePBX Administrator by using the Firewall module to limit access to only known trusted hosts.”
The team has released an EDGE module fix for testing, with a standard security release scheduled for later today.
“The EDGE module fix provided should protect future installations from infection, but it is not a cure for existing systems,” warned Sangoma’s Chris Maj.
“Existing 16 and 17 systems may have been impacted, if they a) had the endpoint module installed and b) their FreePBX Administrator login page was directly exposed to a hostile network e.g. the public internet.”
Admins wishing to test the EDGE release can install it using the following commands:
FreePBX users on v16 or v17 can run:
$ fwconsole ma downloadinstall endpoint --edge
PBXAct v16 users can run:
$ fwconsole ma downloadinstall endpoint --tag 16.0.88.19
PBXAct v17 users can run:
$ fwconsole ma downloadinstall endpoint --tag 17.0.2.31
However, some users have warned that if you now have an expired support contract, you may not be able install the EDGE update, leaving your device unprotected.
If you are unable to install the EDGE module, you should block access to your ACP until the full security update is released tonight.
Flaw actively exploited to breach servers
Since Sangoma published the advisory, numerous FreePBX customers have come forward stating that their servers had been breached through this exploit.
“We are reporting that multiple servers in our infrastructure were compromised, affecting approximately 3,000 SIP…
Click Here to Read the Full Original Article at BleepingComputer…