Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Tag Archives: vulnerability

Vulnerability in FreePBX 2.5 and 2.6

The Exploit Database reports that FreePBX versions 2.5 and 2.6 are vulnerable to Cross-Site Scripting (XSS).

An affected user may unintentionally execute scripts or actions written by
an attacker. In addition, an attacker may obtain authorization cookies
that would allow him to gain unauthorized access to the application.

This is just the beginning of vulnerabilities in different VoIP applications. Until now, attackers have not needed vulnerabilities to exploit VoIP services: too many IP PBXes have been configured insecurely and are easy to abuse.

The next wave will see more exploits being used against IP PBXes. They are often based on the same protocols and applications as any other server…


The quarterly VoIP vulnerability list

The VoIPSA blog released a quarterly overview of VoIP vulnerabilities for Q1 2008. Yes, it is a little old at the moment, but still interesting. The Cisco phones are on top when it comes to the number of vulnerabilities. It is slightly more scary that a VoIP expert, InGate, also has errors in its equipment. It was an easy-to-exploit Denial-of-Service (DoS) bug, critical for those relying on InGate to protect them from DoS attacks.