Firmware Security Flaw? Configuration Problem? Or ???

Started by theancient, March 04, 2019, 10:34:43 PM

theancient

I have been using VoIP.ms with an Obi200 through my ASUS AC-3200 router for almost 2 years.

I was recently automatically updated to FW 3.2.2 (Build: 5921EX) on the Obi200.

Yesterday, I turned on the built-in ASUS AC-3200 AiProtection from Trend Micro, which has Two-Way Intrusion Prevention. I set it up to send an email upon detecting any errors.

I am getting about 2000 Security Events per day.  The wording sounds like it is coming from the Obi200 trying to talk with Obihai Technology.  Looking into the errors, I found the following info:

------------------------------------------------------------------------------------------------
SIP Digium Asterisk app_minivm Caller-ID Command Execution -1 (CVE-2017-14100)    *** The email listed error

October 24, 2017

A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify() dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted SIP packets to the Asterisk server.
------------------------------------------------------------------------------------------------

I am not using an Asterisk server. I do pay for Caller-ID names on VoIP.ms.

Have you heard of this problem before?
Could it be a box configuration setting that is wrong?
Could it be something due to VoIP.ms?

To me, it sounds like a software problem with the Firmware.  

I know I can turn off the emails, but there are several other Firewall tests that are bundled in the single email for errors.

Mango

Since the Asterisk server isn't yours, this is a red herring.  Given the age of this bug, most likely the owner of the Asterisk server has either patched it or implemented a patch within their dial plan or firewall.  Either way, it doesn't affect you.

If you wish, you can try to disable OBiTALK Service and see if the notifications cease.  However, you will need to re-enable it if you wish to use the features of OBiTALK.