Vulnerability Details CVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.648
EPSS Ranking 98.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 9.0
Proposed Action
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
Ransomware Campaign
Unknown
References
- https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/
- https://blog.cloudflare.com/cve-2022-26143/
- https://news.ycombinator.com/item?id=30614073
- https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/
- https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001
- https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/
- https://arstechnica.com/information-technology/2022/03/ddosers-use-new-method-capable-of-amplifying-traffic-by-a-factor-of-4-billion/
- https://blog.cloudflare.com/cve-2022-26143/
- https://news.ycombinator.com/item?id=30614073
- https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/
- https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-22-0001
- https://www.shadowserver.org/news/cve-2022-26143-tp240phonehome-reflection-amplification-ddos-attack-vector/
Products affected by CVE-2022-26143
-
cpe:2.3:a:mitel:micollab:-
-
cpe:2.3:a:mitel:micollab:7.3
-
cpe:2.3:a:mitel:micollab:8.0
-
cpe:2.3:a:mitel:micollab:8.1
-
cpe:2.3:a:mitel:micollab:8.1.1
-
cpe:2.3:a:mitel:micollab:8.1.2
-
cpe:2.3:a:mitel:micollab:9.0
-
cpe:2.3:a:mitel:micollab:9.1
-
cpe:2.3:a:mitel:micollab:9.1.2
-
cpe:2.3:a:mitel:micollab:9.1.3
-
cpe:2.3:a:mitel:micollab:9.2
-
cpe:2.3:a:mitel:micollab:9.3
-
cpe:2.3:a:mitel:micollab:9.4
-
cpe:2.3:a:mitel:mivoice_business_express:7.0
-
cpe:2.3:a:mitel:mivoice_business_express:7.1
-
cpe:2.3:a:mitel:mivoice_business_express:7.2
-
cpe:2.3:a:mitel:mivoice_business_express:7.2.2
-
cpe:2.3:a:mitel:mivoice_business_express:7.3
-
cpe:2.3:a:mitel:mivoice_business_express:8.0
-
cpe:2.3:a:mitel:mivoice_business_express:8.1