English
Arabic
العربية
Chinese (Simplified, China)
中文
Chinese (Traditional, Taiwan)
中文
Croatian
hrvatski
Czech
čeština
Dutch
Nederlands
English
English
English (United Kingdom)
English
French
français
French (Canada)
français
German
Deutsch
Hebrew
עברית
Hungarian
magyar
Italian
italiano
Persian
فارسی
Polish
polski
Portuguese (Brazil)
português
Russian
русский
Spanish
español
Thai
ไทย
Home
Knowledge Base
News
Tickets
Asterisk | FreePBX (PBX in a Flash)
VBuzzer
>
Technical Information
FreePBX Security Information
Critical security vulnerabilities exist in FreePBX 13.0.12 and 13.0.26:
An unauthenticated remote attacker can run shell commands as the Asterisk user of any FreePBX machine with ‘Recordings’.
This has been fixed in Recordings 13.0.27.
http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation
Critical security vulnerabilities exist in FreePBX 12:
A Zero-Day Remote Code Execution and Privilege Escalation exploit allows users to bypass authentication and gain ‘Full Administrator’ access to the FreePBX server when the ‘FreePBX ARI Framework module/Asterisk Recording Interface (ARI)’ is present on the system.
http://www.freepbx.org/critical-freepbx-rce-vulnerability-all-versions/
Connecting a FreePBX Trunk to VBuzzer
To connect your FreePBX server, you require the following details in your Trunk setup:
Replace the host with the SIP Server provided for your account.
Replace ##YOUR-SIP-USERNAME## with the ATA/SIP Device UserName provided for your account.
Replace ##YOUR-SIP-PASSWORD## with the ATA/SIP Device Password provided for your account.
Share this article
Print
×
forgotPassLbl
Username
Please log in below
×
Username
Password
Remember Me
Not Logged In
×
You must be logged in to perform this action.