FreePBX | Register | Issues | Wiki | Portal | Support

RTP Bleed CVE-2017-14099


(Pa Si) #1

The CVE-2017-14099 advisory stated that Asterisk Open Source version 11.x series is affected by the RTP bleed.

  1. I am having FreePBX 12.0.76.4 with these modules Asterisk CLI 2.11.0.3, Asterisk Info 12.0.2, Asterisk Logfiles 12.0.6, Asterisk API 12.0.2, Asterisk IAX Settings 2.11.0.3, Asterisk SIP Settings 12.0.16.
  2. The Asterisk Info page is showing “Asterisk (Ver. 11.15.0)”
  3. The Asterisk SIP setting is showing that my “Strict RTP” setting is turned on.

Am I affected by this RTP bleed bug?
If yes, is there any bug fix for this?

Thank you,


(Tony Lewis) #2

YOu need to upgrade asterisk on your box. Also your FreePBX is very old and not supported. Current stable release is version 14


(Pa Si) #3

Hi Tony,

I have upgraded my FreePBX server to 10.13.66-1 and using the Asterisk 13.17.1.
Would my system still be affected by this bug?

Thank you.


(Pa Si) #4

The answer is no.