This article discusses meta-issues surrounding security fixes in FreePBX, investigates vulnerability scoring tools, and offers some ideas for improvements. System Administrators should walk away with a better understanding of terms like CVE, CWE, CVSS (including the differences between Base and other metrics), and EPSS.
Summary: Ensure that all FreePBX/PBXact modules are up to date Always monitor and follow up on security notifications from your PBX Ensure that you are on supported FreePBX/PBXact version 15 or greater EOL versions of FreePBX/PBXact (14 or older) do not get security updates or bug fixes! Security Vulnerability SEC-2023-001 Hello all. By now, administrators
This past week saw two noteworthy threads posted to the FreePBX community forum separated by a few days; independent reports of a “Tampered File Warning” showing up in the FreePBX dashboard. This warning is connected to a core security feature of FreePBX. In FreePBX (and PBXact) each module is published with a signature, and in
“Security is always excessive until it’s not enough.” –Robbie Sinclair, Head of Security, Country Energy, NSW Australia Hello Everyone, Security should be high on the list of things to consider for any FreePBX installation. As more companies are applying changes to provide a good work-from-home experience for their employees, doing this securely is something on