Security Advisory

[SA-0008] - Security Advisory: PHP command injection

Hi everyone, Sippy Software has been informed of a critical PHP vulnerability that allows attackers to inject commands. This allows for command injection, cookie bypass, account takeovers and denial-of-service attacks against your system. An update will be ready for Sippy Softswitch v2022 that contains a patched version of PHP. Customers on Sippy 2021 and older are advised to upgrade to the latest Sippy 2022, as the older versions of Sippy Software have not been tested with the latest stable version of PHP.

LastPass Security Issue

Hey everyone, Sippy Software has been informed of a security breach at LastPass. LastPass is a service we use to store sensitive data for some of your SoftSwitches for support purposes. We want to let our customers know that we are aware of this issue, which is beyond our control, and to tell you what steps we have taken to protect your systems and what you can do to help improve your own security.

[SA-0006] - log4j vulnerability is a non-issue for Sippy Software

Dear valued Sippy Customer, A recent exploit listed as CVE-2021-44228 was made public less than a week before the date of this post. This exploit impacts Apache Log4j versions 2.0-beta9 to 2.1.4.1. This security vulnerability has serious implications because it is easy to trigger and can be used to perform remote code execution on vulnerable systems, allowing an attacker to gain full control of them. The library is also very commonly used in a wide range of applications and is therefore of great concern to system administrators.

[SA-0004] - Security Advisory: SER Header Injection

Dear valued Sippy Customer, A security vulnerability was reported in a third-party module used in our Softswitch. SER is used to handle SIP signalling, and the issue has been fixed by its maintainers. This fix is now incorporated in all our production versions. The vulnerability leaves switch operators exposed to SIP header injection attacks. In the worst case, it could allow toll fraud, caller-ID spoofing and authentication bypass.