FreePBX issue FREEPBX-8070

Exec shell on a host using bug in Asterisk Recording Interface index.php

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.10, 2.11, 12
    • Fix Version/s: 2.10, 2.11, 12
    • Component/s: ARI User Portal
    • Labels:
      None
    • ToDo:

      Description

      index.php under the recordings directory (which is outside of the admin directory) has a remote command execution vulnerability that is reachable without proper authentication. (CVE-[AWAITING])

      Users are advised to remove the module named "admindashboard" and upgrade fw_ari using the following commands:

      # replace AMPWEBROOT with the web root configured in the system settings
      rm -rf AMPWEBROOT/admin/modules/admindashboard

      Then run the following command to remove all traces of it from FreePBX:

      amportal a ma upgrade fw_ari

      Additionally, users are advised to be on the lookout for two suspicious files named "c.sh" and "c2.pl". If you see either of these files, please remove it immediately!
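      The following read-only check is an added example and is not part of this issue or of the FreePBX project: it reports whether the artifacts named above (the admindashboard module directory and any file called c.sh or c2.pl) are present under a FreePBX web root. The web root path passed on the command line is an assumption; use the AMPWEBROOT value from your own system.

```shell
#!/bin/sh
# Added example, not part of FREEPBX-8070 or of FreePBX itself: a read-only
# check for the artifacts the issue tells administrators to remove.
# The web root path is an assumption supplied by the caller (your AMPWEBROOT).

# check_freepbx_webroot WEBROOT
# Prints one "FOUND:" line per artifact found. Returns 0 when nothing was
# found and 1 when the admindashboard module or a c.sh / c2.pl file exists.
check_freepbx_webroot() {
    webroot="$1"
    found=0

    # The module the issue says to delete with rm -rf.
    if [ -d "$webroot/admin/modules/admindashboard" ]; then
        echo "FOUND: module directory $webroot/admin/modules/admindashboard"
        found=1
    fi

    # The two suspicious file names the issue mentions, anywhere under the web root.
    for name in c.sh c2.pl; do
        matches=$(find "$webroot" -type f -name "$name" 2>/dev/null)
        if [ -n "$matches" ]; then
            echo "$matches" | sed 's/^/FOUND: suspicious file /'
            found=1
        fi
    done

    return "$found"
}

# Usage when run directly (path is an assumption): sh check_ari.sh /var/www/html
# The script's exit status is the function's return value, so 1 means "act on it".
if [ "$#" -gt 0 ]; then
    check_freepbx_webroot "$1"
fi
```

      The check only reports; removal of the module and the upgrade of fw_ari remain the manual steps given above, which is deliberate so that an operator reviews what was found before deleting anything.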

      Further information will be provided in a blog post.

                People

                • Assignee: tm1000 Andrew Nagy
                • Reporter: tm1000 Andrew Nagy
                • Votes: 0
                • Watchers: 2
