24 Aug Fuze Patches TPN Portal Vulnerabilities
Last Tuesday, enterprise voice, messaging, and collaboration platform Fuze patched a series of vulnerabilities in their TPN Handset Portal which could have put credentials and user information at risk.
The three vulnerabilities – R7-2017-07.1 (CWE-284), R7-2017-07.2, (CWE-319), and R7-2017-07.3, (CWE-307) were discovered by Rapid7 researchers who immediately reported it to Fuze after verification.
Fuze CIO Chris Conry revealed that they were able to re-mediate the vulnerabilities in full within two weeks. He also relayed their thanks to Rapid7 for responsibly sharing security information.
Customers are advised that they do not need to do anything as all issues have already been addressed by server updates.