FreePBX reports that active exploitation has occurred on multiple systems running FreePBX versions 16 and 17 that had insufficient IP filtering and ACLs (Access Control Lists) and where the management interface was directly connected to the internet. The vulnerability is therefore rated as 'High/High'. This means that both the likelihood of exploitation and the potential damage are significant.
What is the risk?
The vulnerability allows attackers to gain unauthorized access and potentially execute arbitrary code by exploiting insufficient validation of input data.
What can you do?
FreePBX has released security updates to address the vulnerability. It is important to confirm that the installed 'endpoint' module meets the minimum patched version. Systems that do not update automatically, or users who wish to update manually, can do so via the Administrator Control Panel menu.
The Digital Trust Center (DTC) advises installing the update as soon as possible and, if your management interface has been connected to the internet, checking your system for the presence of indicators of compromise (IOCs). These IOCs can be found on the FreePBX website.
Connecting the management interface to the internet is only advisable when strictly necessary, and then only from specific IP addresses and, where possible, through a VPN. Read more about edge devices. Contact your IT service provider if you are unsure whether you are using a vulnerable version.
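One way to confirm that the installed 'endpoint' module meets the minimum patched version, as an added example that is not part of the DTC advisory or of FreePBX itself: it parses the table printed by `fwconsole ma list` (the column layout below is assumed, and the sample output is constructed) and compares the module version against MIN_ENDPOINT_VERSION, which is a placeholder to be replaced with the value from the FreePBX advisory.

```shell
#!/bin/sh
# Added example: check the FreePBX 'endpoint' module version against a minimum.
# PLACEHOLDER: set this to the minimum patched version given in the FreePBX advisory.
MIN_ENDPOINT_VERSION="${MIN_ENDPOINT_VERSION:-0.0.0}"

# Constructed sample of 'fwconsole ma list' output (assumed table layout).
SAMPLE_MA_LIST='+-----------+------------+---------+-------------+
| Module    | Version    | Status  | License     |
+-----------+------------+---------+-------------+
| core      | 16.0.68.16 | Enabled | GPLv3+      |
| endpoint  | 16.0.88.19 | Enabled | Commercial  |
+-----------+------------+---------+-------------+'

# Compare two dotted version strings; returns 0 when $1 >= $2.
# Non-numeric characters in a component are ignored; missing components count as 0.
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=$(printf '%s' "${a%%.*}" | tr -cd '0-9'); a="${a#*.}"
        y=$(printf '%s' "${b%%.*}" | tr -cd '0-9'); b="${b#*.}"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Print the version of module $1 from table output read on stdin ("| module | version | ... |").
# Prints nothing when the module is not listed.
module_version() {
    awk -F'|' -v m="$1" '{
        gsub(/^[ \t]+|[ \t]+$/, "", $2); gsub(/^[ \t]+|[ \t]+$/, "", $3)
        if ($2 == m) { print $3; exit }
    }'
}

# Returns 0 if endpoint is at or above the minimum, 1 if below, 2 if not installed.
check_endpoint() {
    v=$(module_version endpoint)
    [ -n "$v" ] || return 2
    version_ge "$v" "$MIN_ENDPOINT_VERSION"
}

# On a real system:  fwconsole ma list | check_endpoint
if printf '%s\n' "$SAMPLE_MA_LIST" | check_endpoint; then
    echo "endpoint module meets the minimum version"
else
    echo "endpoint module missing or below the minimum: update now"
fi
```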
Need help with patch management?
Do you need help with patch management? Small businesses can now temporarily benefit from a 50% subsidy on the purchase and implementation of essential cybersecurity measures. Read more about the Mijn Cyberweerbare Zaak subsidy.