Waiting for security patch: Attacks on FreePBX telephony and VoIP GUI

Attackers are currently attacking the free GUI FreePBX for telephony and VoIP environments based on Asterisk. A security patch has been announced, but is not yet available. Until then, administrators should protect their systems with a temporary solution.

Much is still unknown

A post by a team member in the FreePBX forum indicates that the security patch should be released soon. However, instances are only vulnerable if the admin panel is accessible via the Internet. It also sounds as if the endpoint module must be installed.

In such a case, attackers start at the interface. It is not yet clear how this actually works. There is also currently no further information on the vulnerability and the impact of successful attacks. A CVE number and a classification of the severity of the vulnerability are also still pending.

Act now!

The FreePBX developers describe a workaround to eliminate the starting point for attackers, which they say admins should implement immediately. Until the security update is released, admins must check whether the interface is publicly accessible. If this is the case, they must use the FreePBX firewall module to regulate access to their IP address alone. It must also be ensured that the latest endpoint module is installed.

Further information on how admins can detect and restore instances that have already been attacked is listed by the developers in the forum post. In the course of this, admins must change passwords for their systems and import backups, among other things.

Affected users are also reporting in the forum. One user reports compromised servers and around 3000 attacked SIP telephones.

(des)