If you have any Freepbx 15 servers you need to check the restapps and userman modules
https://community.freepbx.org/t/0-day-freepbx-exploit/80092
you need to make sure you are running at LEASTrestapps 15.0.20 and userman 15.0.67 anything newer use scripts below to downgrade
Now fixed versions in repositories
Useman 15.0.67 is the fix version
[root@pbx ~]# fwconsole ma list |grep userman | userman | 15.0.67 | Enabled | AGPLv3+ | [root@pbx ~]# crontab -l -uasterisk |grep userman */15 * * * * [ -e /usr/sbin/fwconsole ] && sleep $((RANDOM\%30)) && /usr/sbin/fwconsole userman --syncall -q
For restapps see https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE
But fixed version is
- > restapps v15.0.20
- > restapps v16.0.19
Simple scripts to check and update are
fwconsole ma list |grep restapps Anything older than 15.0.20 fwconsole ma downloadinstall restapps --tag 15.0.20 fwconsole ma list |grep restapps fwconsole chown fwconsole r
and
In the userman reversion note that you need to install again after the downloadinstall , This removes the offending line from crontab
fwconsole ma list |grep userman crontab -l -uasterisk |grep userman
The above checks the cron jobs for the offending line then if older than 15.0.67 then update as below
fwconsole ma downloadinstall userman --tag 15.0.67 fwconsole ma install userman fwconsole chown fwconsole r