OpenVPN Security Update

From Snom User Wiki

Jump to: navigation, search

Important Security patch available

Please note that a firmware patch upgrade is not needed in most cases. please enquire here security@snom.com

Available for: snom Firmware Release 8.7.5

Impact: A remote attacker may be able to gain administration rights, spoof a VPN tunnel, place malware and execute arbitrary code

Affected products: snom 370, snom 7xx and snom 8xx Series

Description: Several issues existed in actionURLs and java script handling that would have allowed an attacker to get access to administrations rights. With administrations rights an attacker can misuse the OpenVPN support to upload malware or spoof a VPN tunnels. These issues were addressed by removing scripting vulnerabilities and the OpenVPN client from the firmware image. Affected are deployments which have not been secured with web server user and password or/and have been provisioned via an unsafe http provisioning server.

snom strongly recommends to upgrade phones used in cloud services. The upgrade will remove potential malware files and scripting vulnerabilities. Local deployments without access to the Internet need to be secured with existing user, admin passwords and https provisioned to address potential internal attackers. Full local scripting vulnerability security can be achieved by upgrading.


Intranet Devices which are not provisioned via a potentially unsecure cloud service are not affected in case all users follow the security advices a phone shows on the web interface under 'http://PhoneIP/security.htm'. snom recommends to check this carefully. See http://wiki.snom.com/FAQ/How_do_I_secure_my_phone to do it manually.

Firmware releases e.g. 8.4.35,, and related images which are configured as stated above will not be vulnerable to expose administration rights.

Please note that snom is not stopping OpenVPN support but is delivering openVPN activate packages. In case you need an OpenVPN support firmware, please enquire here security@snom.comFile:Security at snom com.asc

"The snom team thanks Johannes Greil (discovery, analysis, coordination) and Stefan Viehböck (discovery, analysis) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) for responsibly reporting the identified issues and working with us as we addressed them."

Please note that in most cases a patch is not necessary.

We supply our patch on request only as we want to make sure that each deployment is served correctly.

Personal tools