CoreLabs finds two Asterisk vulnerabilities. Core Security's CoreLabs found two vulnerabilities (one works server side, both work client-side) in open source PBX software, Asteriskshttp://www.asterisk.org/. If you haven't heard about Asterisk, it's a pretty cool product. It allows developers and administrators to use open source Asterisk software to create their own PC-based PBX. The software interfaces with man CoreLabs finds two Asterisk vulnerabilities.Core Security’s CoreLabs found two vulnerabilities (one works server side, both work client-side) in open source PBX software, Asteriskshttps://www.asterisk.org/.If you haven’t heard about Asterisk, it’s a pretty cool product. It allows developers and administrators to use open source Asterisk software to create their own PC-based PBX. The software interfaces with many industry standards and PBX-specific cards. An entire cottage industry has popped up around Asterisk, offering great PBX functionality for cheap.Anyway, Core Security, the makers of the CORE IMPACT https://www.coresecurity.com/products/coreimpact/index.php vulnerability scanner found two new vulnerabilities in Asterisk and the related IAX2 protocol for sending video. CoreLabs decided to do a manual source code review after running into a few clients that had the Asterisk product. They notified Asterisk and three days later an official patch was released.Kudos to CoreLabs for doing free open source security code review and kudos to Asterisk for responding quickly to the problem. If an open source PBX solution sounds interesting, check out Asterisk. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe