Published at LXer:
If you have an asterisk phone server running on a public IP, using the freePBX web GUI, and don’t have one of the latest releases it may be vulnerable. Its very common to have freePBX on an Internet routed IP, especially if you have multiple locations using the same freePBX server. And the scary part is, little documentation exists about this vulnerability, and as of right now its not listed on CVE details:
http://www.cvedetails.com/vendor/6470/Freepbx.html
Read More...