Published on April 22nd, 2016 | by David Frith


Increased hacking activity regarding CVE-2012-4869 vulnerability

We have been informed of increased activity amongst hackers trying to exploit the CVE-2012-4869 vulnerability in the platform, which lets them use the PBX Web interface to run their own code inside the PBX. This illegal access allows the hackers to steal user names and passwords and then create a “legitimate” connection to the PBX. This vulnerability is present in all systems running versions 2.10 or lower.

If any of your customers has a system with the Web interface exposed to the Internet, we highly recommend that you stop exposing it immediately. If remote access is required, a VPN or SSH tunneling may be used.

With respect to the Xorcom PBX appliances, the affected versions are installed on Elastix-based servers running v.2.4 and older. So, for customers who insist that the PBX Web interface be accessible from the Internet, the servers must be upgraded to the latest Elastix 2.5 version.
