Too Long; Didn't Read
Check Point Research encountered a series of worldwide attacks related to VoIP, specifically to Session Initiation Protocol (SIP) servers. The attacks exploit CVE-2019-19006, a critical vulnerability in Sangoma PBX that grants the attacker admin access to the system. Gaining access to SIP servers allows hackers to abuse them in several ways. One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Inj3ct0r’s attack flow starts with scanning, continues with exploiting the vulnerability, and proceeds to web shell installation.