Tag Archives: vulnerable

Elastix 1.5 and 1.6 security vulnerability

If you’re still using Elastix 1.5 or 1.6 (or earlier) then it is critically important that you ensure you are not open to this vulnerability –

http://secunia.com/advisories/41330/

This allows anyone to download a list of extensions and secrets from your Elastix server, no password required! They can then use this information to place expensive calls through your server.

To test if you are vulnerable visit the following URLs in a web browser, replacing the IP address with your Elastix server IP –

http://x.x.x.x/modules/extensions_batch/libs/download_csv.php
https://x.x.x.x/modules/extensions_batch/libs/download_csv.php

The easiest way to secure your server from this is to delete the affected file (this was done in later releases) –

rm /var/www/html/modules/extensions_batch/libs/download_csv.php

There are active scans on the Internet looking for vulnerable servers.
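As an added example (not from the original post), a small POSIX shell script that runs on the Elastix server itself: it checks whether the affected file is present under the webroot, counts how often the script was requested in the Apache access log (so you can see whether scanners already fetched it), and removes the file while keeping a copy outside the webroot. The webroot /var/www/html is the one from the post; the log path /var/log/httpd/access_log and the backup directory are assumptions you can override with arguments.

```shell
#!/bin/sh
# Added example, not part of the original post. Local check, access-log review and
# removal of modules/extensions_batch/libs/download_csv.php on an Elastix server.
# Assumptions: webroot /var/www/html (from the post), Apache log
# /var/log/httpd/access_log and backup dir /root/elastix-backup (both assumed).

REL_PATH="modules/extensions_batch/libs/download_csv.php"

# Exit 0 if the affected file exists under the given webroot, 1 otherwise.
elastix_csv_present() {
    [ -f "${1:-/var/www/html}/$REL_PATH" ]
}

# Print how many access-log lines requested the script (any status code).
# A missing or unreadable log counts as 0 rather than an error.
elastix_csv_access_hits() {
    log="${1:-/var/log/httpd/access_log}"
    [ -r "$log" ] || { echo 0; return 0; }
    grep -cF "/$REL_PATH" "$log" || true
}

# Take the file out of the webroot. A timestamped copy is kept in backup_dir so
# the change can be reverted; the post itself simply deletes the file.
elastix_csv_remove() {
    root="${1:-/var/www/html}"
    backup_dir="${2:-/root/elastix-backup}"
    target="$root/$REL_PATH"
    if [ ! -f "$target" ]; then
        echo "not present: $target"
        return 0
    fi
    mkdir -p "$backup_dir"
    cp -p "$target" "$backup_dir/download_csv.php.$(date +%Y%m%d%H%M%S)"
    rm -f "$target"
    echo "removed: $target (copy kept in $backup_dir)"
}

# Stand-alone use (hypothetical script name elastix_csv_check.sh):
#   sh elastix_csv_check.sh [webroot] [access_log]        -> report only
#   sh elastix_csv_check.sh --remove [webroot] [backup_dir] -> also remove the file
if [ "${1:-}" = "--remove" ]; then
    elastix_csv_remove "${2:-/var/www/html}" "${3:-/root/elastix-backup}"
else
    root="${1:-/var/www/html}"
    if elastix_csv_present "$root"; then
        echo "VULNERABLE: $root/$REL_PATH is present"
    else
        echo "OK: $root/$REL_PATH not found"
    fi
    echo "access-log requests for the script: $(elastix_csv_access_hits "${2:-/var/log/httpd/access_log}")"
fi
```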