wardmundy
We strongly recommend that you immediately upgrade your FreePBX Framework module to address this vulnerability. As all servers should be, PIAF and Incredible PBX servers sitting behind hardware-based firewalls with no HTTP (port 80) exposure are protected from outside attacks. Similarly, systems that have deployed Travelin' Man 3 are protected from anonymous HTTP attacks. Purely from an academic standpoint, we differ a bit on the scope of this vulnerability on PIAF systems (NOT Raspberry Pi and Beaglebone platforms!) because of the PIAF Apache authentication mechanism that generally protects FreePBX resources on PIAF servers; however, everyone should install the upgrade to be absolutely secure... especially Incredible PBX users on the Raspberry Pi and Beaglebone platforms! UPDATE: This upgrade is automatically pushed to all Incredible PBX systems on the first root login.
Code:
amportal a modadmin upgrade framework
amportal a r
Very nice job by the FreePBX Dev Team in highlighting security issues in the FreePBX GUI now!!