PHP attack in Asterisk? Check Point Research finding

Wondering if anyone has any information on this disclosure from Check Point Research about an attack method against Asterisk?
In the ZDNet article it says "Check Point told ZDNet the research has been disclosed to Asterisk and that the vulnerability that enables the attack to take place was patched before the attack was first spotted."

So I’m wondering… what patch?

So is everyone else, as they didn’t identify anything of substance. The other key takeaway here is that this is related to FreePBX and not Asterisk. Asterisk doesn’t have a GUI. Asterisk doesn’t require the use of PHP. FreePBX checks off both of those.

I’m going to say that as long as your FreePBX is up to date, you have been patched.

Already discussed: Asterisk: a targeted VOIPspionage campaign - update PBX to patch the vulnerability

Details are scant; it appears they are exploiting a 3-year-old CVE on an un-updated system. Nothing to see here.


Thanks Lorne… I got a little worried because there is one FreePBX instance that I have that for some reason was getting fail2ban alerts from primarily Gaza ISP IP addresses. I’ve had to go as far as blacklisting as many IP subnets as I find related to the region on that PBX instance.

Well, you are probably not the only one. It has the outward appearance of being a PSA (public service announcement) as opposed to what it really is: more of a fun hacking exercise of what might be done to leverage an old exploit. I presume this was intentional for clickbait, but it does have a ring of irresponsibility to me.
