RTP Bleed CVE-2017-14099

The CVE-2017-14099 advisory stated that Asterisk Open Source version 11.x series is affected by the RTP bleed.

  1. I am having FreePBX with these modules Asterisk CLI, Asterisk Info 12.0.2, Asterisk Logfiles 12.0.6, Asterisk API 12.0.2, Asterisk IAX Settings, Asterisk SIP Settings 12.0.16.
  2. The Asterisk Info page is showing “Asterisk (Ver. 11.15.0)”
  3. The Asterisk SIP setting is showing that my “Strict RTP” setting is turned on.

Am I affected by this RTP bleed bug?
If yes, is there any bug fix for this?

Thank you,

YOu need to upgrade asterisk on your box. Also your FreePBX is very old and not supported. Current stable release is version 14

1 Like

Hi Tony,

I have upgraded my FreePBX server to 10.13.66-1 and using the Asterisk 13.17.1.
Would my system still be affected by this bug?

Thank you.

The answer is no.