900 Sangoma FreePBX Instances Infected With Web Shells
Summary
Approximately 900 Sangoma FreePBX instances have been infected with web shells. The attacks leveraged a post-authentication command injection vulnerability present in the endpoint manager interface.
IFF Assessment
FOE
The compromise of numerous FreePBX instances indicates widespread exploitation of the vulnerability.
Severity
7.2 High (AI Estimated)
Defender Context
Defenders should investigate their Sangoma FreePBX instances for signs of compromise, including the presence of web shells. Post-authentication command injection vulnerabilities are particularly dangerous, which highlights the importance of rigorous input validation and access control measures. This incident underscores the ongoing threat to VoIP systems and the need for proactive security practices.