Recently I’ve seen a big increase in the number of network scans against the version of vTiger that was included with Elastix.
The attackers are looking for this exploit – http://www.cvedetails.com/cve/CVE-2009-3249/
This allows viewing any file on the system, meaning that they can see all Asterisk usernames and passwords for trunks and extensions.
In fact there have been quite a lot of exploits with vTiger over the years, and there will likely be more – http://www.cvedetails.com/product/6148/Vtiger-Vtiger-Crm.html?vendor_id=3505
I strongly recommend that if you run Elastix (which includes vTiger even if you don’t use it) that you either –
- Limit access to the web interface of your server to only specific IP addresses
- If you don’t use vTiger then disable access to the interface by running –