August 2024 VICIdial Security Update
Please read this carefully as it contains important information regarding the security of your VICIdial system.
The ViciDial Group recently conducted a security audit of VICIdial which resulted in the identification of severe vulnerabilities. We have patched these and submitted these changes to the code-base. Any system that is at SVN version 3848 or greater already has them. If your system is below that version, we strongly recommend that you upgrade to address these concerns. If you would like us to upgrade your system for you, please send a new email to support@cyburdial.com and put “Security Upgrade” in the subject. A typical upgrade takes about 15 to 30 minutes of support time. You can see the seriousness of these exploit here: https://packetstormsecurity.com/files/181461/VICIdial-2.14-917a-Remote-Code-Execution.html
https://packetstormsecurity.com/files/181460/VICIdial-2.14-917a-SQL-Injection.html
To find the SVN version of your VICIdial installation, log into your administator account and go to “Admin”, then click on “System Settings”. It will be the second line from the top, on the right, under “SVN Version”.
Please note, if your setup contains customizations done directly to VICIdial’s code, further review of your system will be needed as it may not be possible to upgrade you.
You can update your SVN by following this article: How to – Update your Vicidial version with subversion
Chris aka carpenox