The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.
FreePBX is an open-source PBX (Private Branch Exchange) platform built on top of Asterisk, widely used by businesses, call centers, and service providers to manage voice communications, extensions, SIP trunks, and call routing.
In an advisory posted to the FreePBX forums, the Sangoma FreePBX Security Team warned that since August 21, hackers have been exploiting a zero-day vulnerability in exposed FreePBX administrator control panels.
"The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet, and we are working on a fix, with expected deployment within the next 36 hours," reads the forum post.
"Users are advised to limit access to the FreePBX Administrator by using the Firewall module to limit access to only known trusted hosts."
The team has released an EDGE module fix for testing, with a standard security release scheduled for later today.
"The EDGE module fix provided should protect future installations from infection, but it is not a cure for existing systems," warned Sangoma's Chris Maj.
"Existing 16 and 17 systems may have been impacted, if they a) had the endpoint module installed and b) their FreePBX Administrator login page was directly exposed to a hostile network e.g. the public internet."
Admins wishing to test the EDGE release can install it using the following commands:
FreePBX users on v16 or v17 can run:
... continue reading