{"id":2794,"date":"2021-12-22T10:02:30","date_gmt":"2021-12-22T10:02:30","guid":{"rendered":"https:\/\/www.cyber-cottage.co.uk\/?p=2794"},"modified":"2021-12-27T13:54:34","modified_gmt":"2021-12-27T13:54:34","slug":"freepbx-15-16-module-exploits-action-required","status":"publish","type":"post","link":"https:\/\/www.cyber-cottage.co.uk\/?p=2794","title":{"rendered":"Freepbx 15 \/16 module exploits. Action required"},"content":{"rendered":"\n<p>If you have any Freepbx 15 servers you need to check the restapps  and userman modules<br><a rel=\"noreferrer noopener\" href=\"https:\/\/community.freepbx.org\/t\/0-day-freepbx-exploit\/80092\" target=\"_blank\">https:\/\/community.freepbx.org\/t\/0-day-freepbx-exploit\/80092<\/a><\/p>\n\n\n\n<p>you need to make sure you are running at <strong>LEAST<\/strong>restapps 15.0.20 and userman 15.0.67 anything newer use scripts below to downgrade\u00a0<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Now fixed versions in repositories<\/p>\n\n\n\n<p>Useman 15.0.67 is the fix version<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@pbx ~]# fwconsole ma list |grep userman\n| userman | 15.0.67 | Enabled | AGPLv3+ |\n[root@pbx ~]# crontab -l -uasterisk |grep userman\n*\/15 * * * * [ -e \/usr\/sbin\/fwconsole ] &amp;&amp; sleep $((RANDOM\\%30)) &amp;&amp; \/usr\/sbin\/fwconsole userman --syncall -q<\/pre>\n\n\n\n<p>For restapps see <a href=\"https:\/\/wiki.freepbx.org\/display\/FOP\/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/wiki.freepbx.org\/display\/FOP\/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE<\/a><\/p>\n\n\n\n<p>But fixed version is <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>&gt; restapps v15.0.20<\/li><li>&gt; restapps v16.0.19<\/li><\/ul>\n\n\n\n<p><br>Simple scripts to check and update are\u00a0<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">fwconsole ma list |grep restapps\nAnything older than 15.0.20\n\nfwconsole ma downloadinstall restapps --tag 15.0.20\nfwconsole ma list |grep restapps\nfwconsole chown\nfwconsole r<\/pre>\n\n\n\n<p>and&nbsp;<\/p>\n\n\n\n<p>In the userman reversion note that you need to install again after the downloadinstall , This removes the offending line from crontab<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">fwconsole ma list |grep userman\ncrontab -l -uasterisk |grep userman<\/pre>\n\n\n\n<p>The above checks the cron jobs for the offending line then if older than 15.0.67 then update as below<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><meta charset=\"utf-8\">fwconsole ma downloadinstall userman --tag 15.0.67\nfwconsole ma install userman\nfwconsole chown\nfwconsole r<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Freepbx 15 \/16 module exploits. Action required.<br \/>\nIf you have any Freepbx 15 servers you need to check the restapps  and userman modules<\/p>\n","protected":false},"author":1,"featured_media":1573,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[104,11,82,6,7],"tags":[23,40,73,76],"class_list":["post-2794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-freepbx","category-knowledge","category-security-knowledge","category-support-services","category-technical","tag-asterisk","tag-freepbx","tag-support","tag-voip"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.cyber-cottage.co.uk\/wp-content\/uploads\/2016\/04\/url-pop.png?fit=117%2C125&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p5daZy-J4","jetpack_sharing_enabled":true,"jetpack_likes_enabled":false,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/2794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2794"}],"version-history":[{"count":4,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/2794\/revisions"}],"predecessor-version":[{"id":2798,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/2794\/revisions\/2798"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/media\/1573"}],"wp:attachment":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}