Security Issue Affecting ICONnect VP Systems
September 3, 2025
This notice is to inform you of a security issue affecting ICONnect VP systems. The Web Admin Interface (also referred to as Admin Panel, Web Admin Portal, Web GUI, or Administrator Portal) is vulnerable to unauthorized access when exposed to the public internet. This issue specifically affects the EndPoint Manager module.
IMMEDIATE ACTION REQUIRED
Systems left exposed may be at risk of unauthorized access and potential service disruption.
To protect your ICONnect VP system, please perform the following two procedures:
1. Install the ICONnect VP software update.
2. Restrict access to the Web Admin Interface.
1. SOFTWARE UPDATE
A system software update is available to correct this security issue. There are two options to enable this update:
Enable Automatic Updates.
ICONnect VP systems with automatic software updates enabled will be updated with no further action required. To confirm whether automatic updates are enabled, follow the procedure below.
- Login to the Web Admin Interface and go to ADMIN > Updates.
- Click the “Scheduler and Alerts” tab and check to confirm if automatic updates are enabled.
- If the feature is enabled, the system will update the next time the system is configured to check for updates.
- If this feature is not enabled, choose “Enabled” and click Save. You may also change the day of the week and time when the system checks for updates.
Manual Update Using the ICONnect VP Console (Command Line Interface).
Follow the procedure below to manually update the system software:
- Connect to your ICONnect VP appliance by directly plugging in a monitor (VGA or HDMI) and keyboard (USB), by plugging a computer directly into the Console port (requires an RJ45 to serial cable), or by using a terminal emulator/SSH client such as PuTTY. For more information on connecting to an ICONnect VP system, please reference the ICONnect VP Quick Setup Guide (https://www.iconnetworks.com/ivp-quicksetup.html).
Example PuTTY configuration settings are provided on the next page of this document.
- At the login prompt, enter the default username root and the password of your system.
Note: If your machine is still using the default root password, ICON strongly recommends you change it. For instructions on changing the root password, please see (https://www.iconnetworks.com/ivp-quicksetup.html).
- Once you are logged in with root access, type the following command:
fwconsole ma upgradeall
It will take approximately five minutes to run the upgrade.
- Once the upgrade is completed, type the following command:
fwconsole reload
- Once you see “Reload Complete”, the upgrade process is complete.
- Confirm that the endpoint module version number has been updated by typing the following command:
fwconsole ma list | grep endpoint
  - If your system software is version 16, the end point manager version will be 16.0.89.
  - If your system software version is 17, the end point manager version will be 17.0.3.
Note: The version number of the end point manager can also be checked through the Web Administrator by going to ADMIN > UPDATES, clicking the Module Updates tab, scrolling to the Settings section and checking the EndPoint Manager version number.
- Test to confirm proper system operation.
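The version confirmation step above can be scripted for repeated use. This is an added example, not part of the original notice or of ICON's software; it assumes `fwconsole ma list` prints table rows of the form `| module | version | status | ... |`, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: checks the EndPoint Manager version against the fixed versions in this notice.
# Assumption: `fwconsole ma list` prints table rows like "| module | version | status | ... |".

# Fixed version for each system software major version, as stated in the notice.
fixed_for_major() {
  case "$1" in
    16) echo "16.0.89" ;;
    17) echo "17.0.3" ;;
    *)  return 1 ;;
  esac
}

# Reads the module listing on stdin, prints the version of the row named exactly "endpoint".
endpoint_version() {
  awk -F'|' '{ gsub(/[ \t]/, "", $2); gsub(/[ \t]/, "", $3) }
             $2 == "endpoint" { print $3; exit }'
}

# version_ge A B: succeeds when dotted version A >= B, comparing fields numerically.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Returns 0 = patched, 1 = not patched, 2 = cannot tell.
check_endpoint() {
  ver=$(endpoint_version)
  [ -n "$ver" ] || { echo "UNKNOWN: endpoint module not listed"; return 2; }
  fixed=$(fixed_for_major "${ver%%.*}") ||
    { echo "UNKNOWN: no fixed version listed for $ver"; return 2; }
  if version_ge "$ver" "$fixed"; then
    echo "PATCHED: endpoint $ver >= $fixed"
  else
    echo "NOT PATCHED: endpoint $ver < $fixed"; return 1
  fi
}

# Constructed sample listing; on the appliance use: fwconsole ma list | check_endpoint
SAMPLE='| core     | 16.0.68 | Enabled | GPLv3+     |
| endpoint | 16.0.88 | Enabled | Commercial |'
printf '%s\n' "$SAMPLE" | check_endpoint || echo "run: fwconsole ma upgradeall"
```

The comparison is numeric per field, so a version such as 17.0.10 is correctly treated as newer than 17.0.3.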
2. RESTRICT ACCESS TO THE WEB ADMIN INTERFACE
The settings described below are made in the customer’s network / firewall configuration. If you do not maintain the firewall, please contact the customer’s network / firewall administrator.
Recommended:
- Block all inbound traffic from the public internet to the Web Admin Interface port (default HTTPS port 443, unless changed).
- Explicitly allow access only from trusted IP addresses or management subnets (for example, your office LAN or VPN range).
- If remote administration is required, use a VPN connection so that access to the Web Admin Interface is only possible through the secure tunnel.
- Do not leave the Web Admin Interface open to the internet.
- Log into the customer firewall management console web interface, command line or management software. To do this you will need to know the IP address of the device.
- Locate the security or access rules section.
- Create a new inbound route for the ICONnect Web Admin Interface using the IP address of the ICONnect VP system as the destination and the Web Admin Interface port (default is 443; you may confirm it in the ICONnect Web Admin by going to Admin > System Admin > Port Management).
- Deny all inbound traffic to this port by setting a rule so that no external public IP addresses are allowed to connect.
- Add exceptions for trusted IP addresses by creating “allow” rules that only permit access from trusted workstations or networks, for example the customer’s office LAN subnet or a VPN subnet. You may also enable a trusted public IP address as required.
- Apply and save changes.
- Test access from both a trusted and untrusted network.
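The deny rule and its exceptions only behave as intended if the firewall reaches the allow rules before the catch-all deny. The following added example (not part of the original notice) models a firewall that evaluates rules top-down and stops at the first match, which is an assumption to check against your device; the rule format and all addresses are constructed.

```shell
#!/bin/sh
# Added example: model of a first-match rule list guarding the Web Admin Interface port.
# The "allow|deny CIDR" rule format and every address below are constructed.

# verdict SRC_IP: reads rules on stdin and prints the action of the first rule
# whose CIDR contains SRC_IP, or "no-match" if no rule applies.
verdict() {
  awk -v ip="$1" '
    function num(a,   o) {
      split(a, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function inside(addr, cidr,   p, size) {
      split(cidr, p, "/")
      size = 2 ^ (32 - p[2])
      return int(num(addr) / size) == int(num(p[1]) / size)
    }
    /^(allow|deny) / && inside(ip, $2) { print $1; found = 1; exit }
    END { if (!found) print "no-match" }
  '
}

# Exceptions first, catch-all deny last.
GOOD_ORDER='allow 10.20.0.0/24
allow 203.0.113.7/32
deny 0.0.0.0/0'

# Same rules with the deny on top: trusted sources never reach their allow rule.
BAD_ORDER='deny 0.0.0.0/0
allow 10.20.0.0/24
allow 203.0.113.7/32'

# Office LAN host, trusted public IP, and an untrusted internet source.
for src in 10.20.0.15 203.0.113.7 198.51.100.9; do
  printf '%-13s good=%s bad=%s\n' "$src" \
    "$(printf '%s\n' "$GOOD_ORDER" | verdict "$src")" \
    "$(printf '%s\n' "$BAD_ORDER" | verdict "$src")"
done
```

With the deny rule listed first, the trusted sources are blocked as well, which is the failure the final access test from a trusted network is meant to catch.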
ICON Voice Networks
[email protected]
www.iconnetworks.com
972-929-9100