Grandstream recently published a new firmware version for the UCM series of IP PBXs that adds a number of major enhancements, detailed below. Version 1.0.20.23 also fixes a reported critical security vulnerability. To ensure that every UCM series IP PBX is fully secure and protected from the security risk, Grandstream urgently suggest that you take the following 2 steps to upgrade all UCM devices:
Steps to update the UCM series
- Update each UCM6200 series and UCM6510 device to firmware version 1.0.20.23 (for UCM6100 series models, upgrade to 1.0.18.18)
- IMPORTANT - Immediately change the admin password after installing the upgrade to keep the UCM secure
The security vulnerability in question is associated with unauthenticated password retrieval. Click here to read our latest security bulletin for more information.
Note:
- Please upgrade UCM62xx to 1.0.20.22+ IMMEDIATELY for security purpose. The security bulletin is available HERE. After upgrading, please change web access password for ALL users in UCM web UI->Maintenance->User Management page including super admin, admin and consumer users. It's also highly recommended to change the username to be different from the previous username. If any unknown user exists in User Management page, please remove it immediately.
- Backup your data including configuration before firmware upgrade is a MUST.
- For UCM6xxx on 1.0.19.x, please upgrade to 1.0.20.x directly.
- For UCM6xxx on firmware earlier than 1.0.19.x, please upgrade to 1.0.19.x first, then upgrade to 1.0.20.x. To upgrade to 1.0.19.x, please check 1.0.19.x release notes “Important Upgrading Note” section and follow the instructions.
- It is recommended to upgrade UCM to latest firmware for product lifespan and security improvements.
If you still encounter difficulties, feel free to contact us.
Credit to source, information taken from:
Grandstream Networks, Inc. (2020). New UCM series firmware provides security & feature enhancements [online] Grandstream Networks, Inc.
Available at: http://content.grandstream.com/ucm-firmware-update-april-2020?ecid=ACsprvu6IyEwma43Ol0HXuLSd5RlAbNvXNOhV7Ed4nWSbovCWMiBmYVSwevfSa11vOFpmpqMP8tL&utm_campaign=UCM%20Firmware%20Update%20%2B%20April%202020&utm_source=hs_email&utm_medium=email&utm_content=86837335&_hsenc=p2ANqtz-8CotEqgtsaWIFhSOwnWfZIWW7aZ8LVPzsfIxLwb3DRohsYUremHxqw8d9a9GodgKbGoEk8JrGasSuVFShMxn7TK7ykJA&_hsmi=86837864 [Accessed 24 April 2020].